How to create data security training for staff and students

However, it’s not just physical loss that can put data at risk. Schools are attractive targets for cybercriminals, since they hold student, financial and other data that can be used for a variety of crimes, from stealing money to identity theft. Moreover, it only takes a moment of inattention to cause a problem ⁠— like when a school’s administrative assistant clicked on an email link and unleashed a four-day cyberattack.

It’s All About the Users

The proliferation of bring-your-own-device (BYOD) policies and learning management systems (LMSes) means that there are more entry and exit points into school systems than ever before. That is why it’s vital that students, teachers, parents, and administration be on their toes when it comes to security.

It only takes a single incident ⁠⁠— a shared file, poor password management or deliberate data theft ⁠⁠— to kick off a chain of events that can escalate dramatically.

Training is the key. While it is important to have the full suite of security technologies installed on a network, it’s equally important to ensure all staff understand their responsibilities, and that the IT department enforces policies and procedures.

Responsibility Sits with IT

School IT departments should take the lead in training users about the risks their actions may present. That does not mean a one-off, in-one-ear-out-the-other approach. The most effective IT departments are not locked away in a corner of the school: they’re visible and known to the kids, and are brought in on in-class and staffroom training.

Best practices for such training include:

• Training early, train often. In IT, the goalposts are constantly shifting with new technologies, apps and potential threats. Additionally, staff, students and teachers come and go in a school, which means that training needs to be constantly updated.
• Keep it simple. Avoid unnecessary jargon and keep presentations non-technical. Concepts and terminology that are familiar to IT departments may be alien to end-users.
• Always explain. Unless a user understands why a rule has been put in place, they are likely to ignore it. IT departments need to give very clear explanations.
• Share examples. It helps to provide real-life examples of good practices (e.g. how to spot a virus-filled email) and bad (e.g. what happens when an email virus is unleashed). This helps make the consequences more real four the listeners. Even something as simple as sharing photos of students can have significant security ramifications.
• Involve the parents. Parents are increasingly being given access to learning management systems, and so they play an important role in protecting data security and their personal information. Make sure they understand the risks and how to mitigate them.

Training methods

There are a few easy ways your IT department can familiarize staff and students with data security:

• Create short videos of training basics, and make them readily accessible.
• Send fake malicious emails to keep staff and students on their toes.
• Partner with teachers to see how they might incorporate data security into their lessons.
• Keep communicating face-to-face with parents, teachers and students about data security.

The IT department needs to be vigilant in an increasingly online environment at schools. Are you communicating clearly enough? Do staff, students and parents understand the reasoning behind the requests? Do they have suggestions on how issues might be approached differently? Opening the lines of communication between IT and others can help build relationships that boost compliance, providing a vital layer of data security and making your school (and its data) even safer.