Three ways for AIM centres to stay safe online
13 October 2022
Our reliance on digital technology has increased over the past few years with consumers looking for more convenient channels in which to work, live and study.
Organisations and education establishments have become more accustomed to online activity than ever before as a new era of hybrid working, online course delivery and virtual assessments are now considered the ‘new norm’.
Whilst digital innovations continue to evolve to keep up with this demand, unfortunately, cyber and malware attacks on businesses and education establishments are also on the rise. However, there are steps our centres can take to reduce the risk of an attack from occurring.
Passwords provide the first line of defence against unauthorised access to your computer and personal information. The stronger your password, the more protected your computer will be from hackers and malicious software. Using a unique password for each account means that even in the event of a data breach in one of the services you use, your other accounts are not at risk. Ask AIM to change your password for systems like Quartz if you think you might be at risk.
Consider where you store information such as learners’ evidence. Is it on your own servers or do you use cloud services? Do you know where that information is actually stored or how secure it is?
At its most basic, the cloud refers to any type of software or service that isn't located on your personal computer or devices but instead runs on the internet. The data that you save on cloud services are stored on the servers of third parties - companies such as Amazon, Google, and Microsoft. You can then access the data whenever you use a device connected to the internet.
These servers are usually located in warehouses that you, or your colleagues, won’t have access to and the files are encrypted or scrambled, which makes it far harder for cybercriminals to access.
Your cloud service should have:
- consistent security updates
- built-in firewalls
- ultra-backed-up data – so if your cloud provider suffers a natural disaster or large-scale outage you can still access your data.
What precautions can you take to boost your cloud security?
- encrypt your data
- enable two-factor authentication
- perform regular data backups
The main reason for data backup is to save important files if a system crashes or hard drive failure occurs. You should also consider additional data backups if the original backups result in data corruption or hard drive failure. If everything is stored in one location, it could mean the potential loss of all of your centre and learner information. In the worst-case scenario, the exam or quality assurance activity could coincide with the cyber-attack with the potential to impact your learners' achievement as they might be unable to complete their exams or present evidence for final certification.
Centres have a requirement to retain learner evidence after certification, often for a long period of time so it is essential you have the correct procedures in place to store this information securely.
Centres must inform AIM of any issues as we have a responsibility to inform Ofqual of incidents where learner achievement has been impacted. Where there is a negative impact on the learner’s achievement due to the disruption or access of evidence, we can support it with alternative access to resources or communication activity.
Help and advice
Please contact your Centre Lead or External Verifier for help and advice. They may also want to ask about your data storage practices and policies during your interactions, so make sure you’re up to date with the latest legislations and Cyber Aware.