How prepared is your school for the inevitable cyber threats that come with increased digitalisation?
At EduTECH 2024, cyber security was a hot topic, reflecting on just how critical it has become in today’s schools. With AI on the rise and digital tools becoming integral to education, the cyber threats schools face are only growing. As the Australian Cyber Security Centre reports a critical incident every six minutes, it’s clear that the question isn’t “if” a cyber incident will happen but “when”.
This year’s event brought together experts from different parts of Australia’s education industry to share practical advice on how schools can strengthen their cyber security strategies without stifling innovation or compromising educational outcomes.
Reasonable cyber risk management: A balanced approach
One of the standout sessions, ‘An IT Director and Business Manager dialogue on reasonable cyber risk management’, brought together school representatives and government officials to discuss what “reasonable” cyber risk management looks like. This session shone a light on the need for collaboration between the technical and financial sides of a school, especially when it comes to tackling complex cyber threats.
Brenton Harty, Director of ICT at PLC Melbourne, highlighted the importance of starting cyber security strategies at the board level. “It all begins with a clear understanding of the school’s risk appetite and priorities,” Harty said. In doing so, schools can turn big-picture strategies into practical tech solutions that protect digital assets without overburdening resources.
Josh Lyon, Director of Technology Services at Trinity Grammar School in Kew, noted that the role of IT directors has evolved. “Today, it’s as much about training and raising awareness as it is about managing systems,” Lyon explained. He also pointed out that user error is still the biggest vulnerability when it comes to protecting your IT systems, making it crucial to educate staff and engage them in the school’s cyber security efforts.
Ultimately, schools and education organisations will need to find a way to balance robust security measures with financial constraints. This will of course look different depending on each organisation’s available resources, but some core things should always remain, including:
- Aligning IT and non-IT resources with your school’s risk appetite and goals.
- Continuously train staff to be aware of cyber risks.
- Making strategic plans timely, actionable, and realistic.
Cyber security and data privacy in the age of AI
As AI makes its way into classrooms, the CIO panel at EduTECH 2024 tackled the challenges of cyber security and data privacy.
During the discussion, ‘CIO PANEL: Cyber security & data privacy with AI on the rise in schools’, Daniel Hughes, CIO for the Department of Education in South Australia, spoke about the potential of AI to transform education for the better while still urging caution. “We have a rich data set that, when used responsibly, can significantly enhance learning outcomes – there’s no doubt about it,” Hughes said. However, he emphasised the importance of combining data safely and using AI to enhance education while protecting privacy.
Elizabeth Wilson, CIO of Information Management and Technology Services at the Department of Education in Victoria, echoed this cautious optimism. “AI offers tremendous promise, but schools need to proceed with caution,” she advised. Wilson also highlighted the need for schools to develop clear policies around AI and ensure that only authorised systems are integrated, removing potential vulnerabilities that often come with shadow IT and BYO devices and software.
Non-negotiables when integrating AI into your education program:
- Developing policies around AI and data usage.
- Identifying key application owners and ensuring proper authorisation.
- Balancing innovation with the need to protect data security.
Building a strong cyber security strategy: Lessons from Westbourne Grammar
As part of the leadership presentation series, Dr Adrian Camm, Principal of Westbourne Grammar School, led a session on building a strong digital, data, and cyber security strategy. Through the session, Dr Camm stressed that an effective digital environment is meaningless if it isn’t secure.
“A thriving digital environment will never work if you can’t keep it safe and secure,” Dr Camm asserted. To do this, it is vital that schools consistently and thoroughly reassess their current cyber security maturity, establish or refine clear protocols, and make sure all staff are kept up to speed on cyber awareness.
Dr Camm’s top tips to ensure a secure and effective digital environment:
- Regularly back up data and ensure backups are tested.
- Enable multi-factor authentication (MFA) for everyone.
- Budget for a Managed Detection and Response (MDR) solution.
- Develop and practise a comprehensive incident response plan.
As the presentation drew to a close, Dr Camm shared important advice: “It’s not a matter of if, but when a cyberattack will happen,” Dr Camm warned, and for when it does happen, having a well-rehearsed incident response plan can help you protect your school’s sensitive data, critical learning systems and most importantly, reputation.
How we’re supporting school cyber security
At Compass, we understand that keeping your school’s data secure is crucial. Reflecting on the insights during our recent visit to EduTECH 2024, we’re proud to provide industry leading school management software that also protects schools against evolving cyber threats.
How do we do it? Our platform includes:
- Multi-factor authentication (MFA) for secure access.
- AI and machine learning to monitor activity and restrict access from high-risk regions.
- Top-tier certifications, including PCI-DSS Level 1 and ISO27001, ensure we meet the highest security standards.
We also conduct regular security audits and work closely with schools to address potential risks, providing comprehensive support to keep your data safe.
Moving forward with confidence
EduTECH 2024 offered valuable insights into the changing landscape of cyber security in schools. But what was the core message echoed across the whole event?
Cyber security isn’t just an IT issue – it’s something the entire school needs to get behind.
By taking a whole-of-school approach and making sure everyone is on board, schools can create a secure digital environment that supports education while protecting their assets.
With the right strategies in place, schools can lift up their digital environment with confidence and security to provide the best possible learning outcomes for their students.