Cyber Security In Education
7 October 2021
Technologies are playing a crucial role in keeping our society functional, especially in times of lockdowns and quarantines. This increased reliance on technology has also brought with it a rise in cyber-attacks, in all areas of our life, including education. We know of centres who have had problems accessing their learner evidence or who have had learners who were unable to complete their studies due to technical issues.
Over the past 18 months, AIM has provided support to these centres, and we encourage everyone to take some proactive steps to protect themselves and their learners against cyber-crime.
Passwords provide the first line of defence against unauthorised access to your computer and personal information. The stronger your password, the more protected your computer will be from hackers and malicious software. Using a unique password for each account means that even in the event of a data breach in one of the services you use, your other accounts are not at risk. Ask AIM to change your password for systems like Quartz if you think you might be at risk.
Consider where you store information such as learners’ evidence. Is it on your own servers or do you use cloud services? Do you know where that information is actually stored or how secure it is?
At its most basic, the cloud refers to any type of software or service that isn't located on your personal computer or devices but instead runs on the internet. The data that you save on cloud services are stored on the servers of third parties, companies such as Amazon, Google, and Microsoft. You can then access the data whenever you use a device connected to the internet.
These servers are usually located in warehouses that you, or other workers, won’t have access to and the files are encrypted or scrambled, which makes it far harder for cybercriminals to access. Your cloud service should have:
- consistent security updates
- built-in firewalls
- ultra-backed-up data – so if your cloud provider suffers a natural disaster or large-scale outage you can still access your data
What precautions can you take to boost your cloud security?
- encrypt your data
- enable two-factor authentication
- perform regular data backups
The main reason for data backup is to save important files if a system crashes or hard drive failure occurs. You should also consider additional data backups if the original backups result in data corruption or hard drive failure. If everything is only stored in one location, it could mean the potential loss of all of your centre and learner information. In the worst-case scenario, the exam or quality assurance activity could coincide with the cyber-attack with the potential to impact your learners' achievement as they might be unable to complete their exams or present evidence for final certification.
Centres have a requirement to retain learner evidence after certification, often for a long period of time so it is essential you have the correct procedures in place to store this information securely.
Centres must inform AIM of any issues as we have a responsibility to inform Ofqual of incidents where learner achievement has been impacted. Where there is a negative impact on the learner’s achievement due to the disruption or access, we can support with alternative access to resources or communication activity.
Help and advice
Please contact your Centre Lead or External Verifier for help and advice. They may also want to ask about your data storage practices and policies during your interactions, so make sure you’re up to date and Cyber Aware.