Your school has experienced a number of challenges lately from the digital world. These include episodes of online bullying, incidents of sexting, attempted hacking, and changes of behaviour in pupils. There has also been a local school in the area that has been subject to Ransomware. What should the Governors be doing and how can these risks be identified and mitigated?
The risk to schools from the online world is not going to go away – all indications are that it will increase. Governors need to consider this regularly and make sure that the school is as prepared, as possible, to face the threat.
- The legal implications. Get regular briefings from the lawyers about the latest regulation on the use of computers, data protection and online safeguarding. If you haven’t already appointed a Governor responsible for online behaviour and IT, appoint one! Some detailed knowledge of the Cyber world is becoming absolutely vital, particularly when Governors may have many years of life experience, but are from the pre-digital era.
- Understand the ISI regulations. Use the recommended policies for online safety, social media behaviour, and safeguarding and carry out regular reviews within your school to ‘drop-test’ the procedures. It is not good enough just to have a policy to refer to. Test them.
- Check that the school has a strategy for Cyber safety education appropriate for all ages. Evidence shows that the major year at risk for challenging online behaviour is year 7, increasing from year 5 to 6, and reducing as pupils move toward the sixth form. It is imperative that the children understand the risks. Make sure it is there for all year groups. Get the Governors to undertake this as well.
- Use judgement. It is very easy to criminalise pupils for sexting and inappropriate behaviour. Is this really an outcome that the school wants? Talk to the local police and Safeguarding officers to understand the criminal law and their approach to this.
- Talk to the pupils. Whether Governors like it or not, the pupils are the experts in the operation and abuse of online facilities. Again, research would show that they understand the risks far better than is assumed, that they do find some of the online content both repugnant and scary, and don’t always have the strategies to deal with it.
- Online bullying. Bullying is one of the oldest and most unpleasant behaviours. Online bullying is actually a development of the old playground behaviour of putting the victim in Coventry, excluding them from groups, and humiliating them in a very public arena. It should not be seen as a separate issue, but included as part of PSHCE.
- 24 hours.The big challenge for everybody , pupils, staff and parents, is that online behaviour is 24hrs and therefore can quickly get oppressive and have dark consequences. There is no escape. Pupils can’t go home and get away from the pressures. Do you have training for the parents and the staff?
- Mental health education. Invest in this for your staff and for the parents. Understanding the signs and early behaviours of depression and other conditions, is vital. Don’t be remote and hide behind the policies.
- Online risk also includes the school system. There is a recent case of a very large and well-known Independent School being held to ransom and losing systems for more than a week. Do you have a strategy in place to deal with this? Quiz the IT Director and invest in cyber security.
- Consider an external assessment of your systems. There are reputable companies available who will assess them and if necessary do some external ‘friendly’ hacking to see how vulnerable your school is. Failure to protect can have dire consequences both on the teaching and learning, reputation and financial status of the school.
The Cyber world is ever changing and the need for regular review is paramount. Cyber threat must be high on your risk register and practical strategies defined to mitigate the risk. Sadly, some of the best brains in the world are working malevolently – meaning there is no fool proof protection. Keeping up to date, keeping policies under review, educating children at an appropriate level at all ages, and getting external checks to your systems will help your governing body fulfil their responsibility for the safety of the school.