Information Security and Schools

I write this after just logging a member of staff off from an open access computer, yet again…

I find it really quite frightening about the lack of any form of data security awareness in any of the schools I have worked in. Of course, I’m not going to name them, but this is five primary schools, and one secondary.

Regularly, in schools, I will find email passwords, MIS passwords, Windows logon passwords etc stuck around the monitor, staff will not usually change passwords if they can help it from the default one, and similar things.

What truly frightens me, is when I see members of staff leaving the MIS product open on screen, with data, viewable to all.

I used to work for one of the big banks – and I know for a fact that if we walked away from our computer, even just to the printer (which was about 5 steps away for me), we HAD to lock our workstation – or else face a rather strong word from our Team Leader, or worse, if the tech team got their hands on the machine first… our screen would be upside-down when we got back!

I know from experience that most people who work in a school environment are very complacent when it comes to data security – until you get to the network manager!
The problem then unfortunately arises that teachers do not want to be “inconvenienced” by automatic workstation locks, or by screensaver cut-ins, as they then have to unlock the station before they resume teaching (naturally, this is only a problem where classrooms have IWBs or data projectors!) – and this is unacceptable for them… Which in a way, I can be sympathetic about, but equally, there’s give and take – if you are going to walk away from a computer with it unlocked, there needs to be some form of protection for the system and what you leave on the screen.

What really shocks me is the apathy of people! When you tell them that “You just left all that exam data open on the screen for anyone to see” etc, people don’t really seem to care! The standard response is “Oh, no-one could have seen it, I was there the whole time” or “Oh, but I locked my door!” when you can see the screen clearly through the window…

Personally – I think that maybe we need to think of some form of compromise – maybe even use something like the NHS do, with a smartcard based logon system? I believe that all members of staff are required to wear an ID card (I know I am!), so why not have it with a chip, and require it to be stuck into the keyboard when they want to login? This also resolves the issue of students maliciously logging into accounts, etc…

Would love to hear thoughts and maybe rants about what’s happening at your schools?


Leave a Reply