24 November 2021

6 GDPR Myths: Improving Cyber Security in Schools

Giulia Tramontana

When it comes to cyber security, there are many rules to keep in mind and be aware of. This topic can sometimes be considered complex, and this may be why there are many misconceptions related to it. It is easy to step away from the problem because it is not currently affecting you personally, but it is also important to protect yourself from the potential risks you may face. A recent study carried out by London Grid for Learning (LGfL) and the National Cyber Security Centre (NCSC) showed that 83% of schools had encountered a cyber security incident. Children’s data is considered to be high-risk; because of this, it is essential that schools are proactive in maintaining their GDPR compliance.

Cyber Security in Schools: Risks and Misconceptions

A good way to start the process to achieve full GDPR compliance is to identify myths and realities involving cyber security.

The data I hold is not worth stealing

No matter what kind of data you hold, any of it can be considered useful by a hacker. Schools usually hold plenty of sensitive data about staff, children and their families, including personal information and payment details. Schools can be considered a target by hackers, so it is essential to keep the data as secure as possible. Any organisation is a target.

Security is too expensive

Many schools would argue that adopting a security measure would require them to spend too much of their budget. However, if your school is not cyber secure, you are risking GDPR fines that can be as high as £17.5 million. Taking a strategic, risk-based approach can make security significantly more affordable. Investing in a security measure wouldn’t only reduce the risk of a data breach, it would also reassure your school community.

Cyber security is just about technology

Cyber security is essential because of the many requirements that come with technology; however, it is equally essential that people are trained to be safe online. Humans make mistakes: accidentally clicking on a malicious link can lead to a data breach. Other common instances include clicking on phishing emails and ads.

Only IT should be aware of cyber security

IT certainly has a lot to learn and be cautious of when it comes to cyber security. However, every employee in an organisation should do the same, for the reason mentioned above. Security is everyone’s responsibility. If more and more people get involved, others will be motivated to be educated and learn more about online safety.

Cyber threats cannot be internal

Another misconception about cyber security is that threats can only be external. External threats are real – but so is the internal threat. The most common sources of internal threats are not intentional, and they include weak passwords, unlocked devices and unsecured Wi-Fi networks. It is important to avoid these to be secure.

Phones cannot be hacked

Any device can be affected by viruses and malware. Phones can easily be hacked into because they are still connected to the Internet. Threats can often come from legitimate websites and even social media. Mobile devices are significant vulnerabilities too – not just your computers.

What should you do to be more aware of cyber security?

Acknowledging that these myths are only myths is already a great start to your cyber security strategy. These issues can be tackled easily and affordably. Once you are more comfortable with your approach to these risks, you can develop a more complex strategy to mature cyber defences.

Other important things to keep in mind to be secure are:

Creating complex, hard to guess passwords. Avoid common features such as names, dates of birth or simple, short words. Add as many special symbols and numbers as possible, and make sure to update your passwords regularly.

Not clicking on links and attachments from people you don’t know – even if it looks legit, it could always be spam or a virus.

Training your employees on data protection and GDPR regulations. As mentioned above, cyber security is everyone’s responsibility. You should also educate your pupils on how to be safe online.

In the event of a data breach, follow the appropriate steps to record and report it.

Learn more about data protection on our GDPR for Schools page, where you will find downloadable and printable guides, posters and checklists for your school community.