Teachers Warn Students ‘Can Hack Into School Servers’

Almost half (47 percent) of teachers in the UK believe their students know more about IT than they do, and 18 percent revealed their students are able to hack into their school’s server to take or change data.

These are the finding of a study by endpoint security specialist Sophos, partnering with YouGov, in which 348 head teachers, deputy heads and other senior teachers from both primary and secondary schools were interviewed.

Data loss

Just over a third of the teachers surveyed (34 percent) said that when it comes to IT security in their school, data loss was the biggest worry. Separately, 29 percent said that there had been increased awareness in the past three years of data security, specifically due to high profile data security breaches in the news.

The research discovered that just a quarter (27 percent) of teachers are aware that their school has some form of encryption in place to protect data. Sophos said this is consistent with its experience of working with schools that have to juggle multiple priority projects competing for limited budget, and highlights a serious gap in the armour of schools’ IT security and data protection.

The need to be prepared for the General Data Protection Regulation (GDPR) is especially concerning for schools as it will place greater legal requirements on them and their suppliers with regard to data protection, according to Sophos.

The penalties are far more severe than the current data protection directive and any schools that are not compliant with the new data protection policies could face fines of up £500,000 imposed by the Information Commissioners Office (ICO), as well as having their Ofsted ratings downgraded.

Teachers apear to be in a false sense of security, with 80 percent of them saying they are confident in their school’s ability to protect students from online threats while in school, but many do not have basic security measures in place.

More than half (52 percent) of the teachers surveyed said their school does not currently use a system to monitor students’ activity on school owned IT devices, or they are unaware of any monitoring system used, begging the question of how schools are managing to protect students.

Forty-seven percent of teachers also said additional training would help them to be more confident about their ability to protect students from online threats, and 34 percent of teachers think more tools to monitor students’ online activity at school would make them feel more confident about protecting students online.

Twenty-two percent of teachers also point to phishing attacks as a major area of concern, and 21 percent cited a lack of security due to students using their own devices – such as smartphones and laptops – on schools networks.

Oliver Wells, education manager at Sophos, said: “Often cyber criminals will spread their net wide, meaning that anyone can fall foul of an attack, but others will target specific sectors that appear vulnerable, such as schools. Whether it’s through a targeted attack, phishing or ransomware, schools are at a greater risk than ever of falling victim to a cyber attack, because in many cases years of juggling stretched budgets have left them without the layers of protection required to combat today’s complex threats.

“It’s definitely an issue that most of the schools we talk to are aware of but with so many other competing issues on their plate, it’s not always a top priority. However, the impending arrival of the GDPR in May 2018 means that schools really do now need to prioritise IT security because we could see hefty fines being handed out if schools can’t comply.”

How much do you know about tech in education? Take our quiz!