How secure is your school’s data?

by Brett Henebery29 Jun 2015

Solomon Box is Ormiston College’s manager of ICT. Prior to his current role Box was a member of an ICT managers’ educators program which met to discuss the broad picture of ICT security in schools.

Box said that some schools are operating with the bare minimum of ICT security, potentially leaving themselves vulnerable to dangerous malware and viruses.

“There are schools out there that do the minimal filtering with a free virus scanner or just a home version of the program,” Box told The Educator.

“Some of those schools often don’t have a dedicated ICT manager and are simply making do with what they’ve got,” Box explained, adding that he was fortunate enough to work in a school that is strongly focused on ICT security.

Box said that while no system is 100% secure, the data at Ormiston was very well protected from cyber threats, adding that advanced anti-virus and anti-malware programs such as Netbox Blue and Microsoft System Centre Endpoint Protection have been an integral part of Ormiston’s ICT security.

“It’s about isolating the threats into different categories. There is malware software and hackers trying to get in to our network, and that is where Netbox plays a large role in preventing that from happening.

“On every student laptop we’ve got a Netbox client and a Microsoft System Centre Endpoint Protection anti-virus client. Netbox is like the gatekeeper that prevents access to dangerous or age-inappropriate websites, and Microsoft System Centre Endpoint Protection is what alerts us to suspicious files.

Box said that cyber education is crucial to identifying the risks involved, explaining how information sessions with students and parents ensure that the technology is being used safety not only in school but also at home.

“Our dean of e-learning, Tamara Sullivan, provides information sessions to staff every year. There are also parent information evenings we hold annually for parents to get involved and understand the threats they have to be aware of,” Box said.

The filters running through Netbox Blue provide the college staff with alerts relating to any possible threats to students.

“There’s a function called safe chat which monitors metadata. For example if a student is considering self-harm or engaging in cyber-bullying, the program can pick up on that and send some warning emails to counsellors at the school,” Box explained.

“Our deputy head of senior school actively monitors those emails and if there is anything that needs to be escalated he’ll give it to the counsellor.

As for the software installed on students’ laptops, Box said that if the system suspected a paedophile was chatting to a student, it would automatically shut down the chat and prevent it from continuing.

However, Box said that such technology can also raise false alerts.

“Someone might be doing an assignment on racial hatred and may Google certain phrases that could cause the system to flare up, but that’s when the human side of it comes in,” Box said.

“When the deputy head of senior school reviews it he will know whether it’s an assignment or not and use his discretion as to whether to pass it on to a counsellor or not.”

Responding to privacy concerns about this kind of monitoring technology, Box said it is not designed to be intrusive but rather provide a versatile way of ensuring that student data is secure.

“The way we run ICT here is not like Big Brother. It’s not blocking everything, only the ultra-nasty things that we really worry about online.”


  • by ICT Manager RBHS 29/06/2015 10:53:41 AM

    Curious about the use of Microsoft Forefront...why?
    It is a discontinued product (now several years out of date).
    We used to use Forefront but have now moved to a Hardware Firewall / Threat management gateway called Watchguard.
    In our school we have the XTM 850 model.

  • by 29/06/2015 11:12:52 AM

    One of the biggest concerns about the privacy of personal data belonging to children comes from handing that data to internet application providers. Often these providers provide no information about how they use the data belonging to minors (or anyone else), the offer no guarantees for how any of the third parties they deal with handle the data and the data is quite probably outside of any jurisdiction that Australian Courts have any access to issue any sort of order to monitor, restrict, retrieve or delete.
    These application providers respresent the interests of large multi-national corporations, foreign governments and the persons these entities serve. It is unlikely their primary interest will ever be the minors of a foreign country. It is unlikely that the data these organisations handle about Australian children is tracked and that it is even possible to hold these organisations accountable for privacy breaches.
    The Privacy Act 1988 (Cth) provides special protections to data belonging to underage persons, but it seems this Act is flouted on a daily basis by the educational institutions responsible for the well being and protection of our children.