The impact of BYOD on data security in schools

Schools are now more than ever before in possession of a huge amount of personal and sensitive data about both staff and students. This can include data such as exam results or private medical information. Therefore, the importance of securing this data within school IT systems goes without saying; it becomes increasingly critical because many educational institutes have recently begun to embrace the new trend of Bring Your Own Device (BYOD).

Insight have identified that there are many advantages of introducing a BYOD policy within schools, these include:

Reduction in technology budget

By allowing students to bring in their own devices, schools are alleviated from the costs involved in the upkeep and maintenance of the devices, for example repairs, upgrades etc.

Bringing education back into the 21st Century through reducing the digital divide

The new way of learning seems to favour digital learning. Devices in the classroom have shown opportunities to allow students to engage and communicate better.

24/7 learning

With BYOD, student have access to the device, both at home and in the classroom. This will encourage learning at any given time, which can motivate students to learn more efficiently.

Although there’s no denying the fact that introducing BYOD within schools is an exciting and potentially prosperous venture; it is important to consider the data security risks and challenges it brings along with it. Insight have identified that there are a few flaws that need to be addressed when considering to adopt BYOD, they include:

Cost of BYOD

Implementing BYOD requires expenditure in terms of upgrading IT infrastructure and ensuring the network can support and handle BYOD without crashing the system.

Security and viruses

Many of the websites favoured by students are social media sites (e.g. Facebook, Twitter etc.); which are often targeted with malware and viruses. Therefore, it is important to ensure the appropriate protection is in place on the device itself. This can include latest virus protection updates, implementing a password policy, ensuring time out in terms of locking the device and in the worst case scenario, the ability to completely wipe the device.

Does everyone want to be involved?

In order for a BYOD programme to work effectively, everyone within a school needs to be on board; this includes teachers, students and other stakeholders. Without this support, BYOD wouldn’t be enrolled properly and the investment made, would be for nothing.

There are an abundance of actual physical devices that students could bring to school, they include devices such as laptops, notebooks, mobile phones, tablets, phablets and the list goes on. They all have their individual security concerns that schools would need to contend with, for example data and information security issues including forgotten passwords, unpermitted access, data loss and manipulation, viruses/malware and so forth.

As with any introduction of a new technology within schools or even businesses, there are always both high risks and anticipation involved. Therefore the solution is to minimise the risks and thus when the technology is implemented; it is managed, controlled and most importantly, monitored accordingly. These perceived data security risks and threats would cause a huge concern for any school and can perhaps act as barrier to entry in terms of implementing BYOD. However there is huge potential for all, therefore the question that does arise is can BYOD be the security concern that it has built up a reputation for?

What must be considered is the necessary changes that are needed when allowing BYOD and this will perhaps affect cloud security and mobile devices in the first instance before leading to further questions such as: how can a school control a device that isn’t owned by them? How are we to ensure data safety, security and availability from those devices used by students? How is it possible to manage a number of different devices over the school’s network?

To ensure high levels of security, all data must be kept safe and only those with the necessary permissions can access the information. Data must also be archived in such a way that it is kept secure and the chance of it being lost, destroyed or manipulated is kept to a minimum. If data is protected correctly, then automatically, users are protected.

When introducing BYOD into a school, it is important schools set up formal policies. These policies need to reflect the change BYOD brings and it is imperative to ensure both students and staff sign this agreement in order to ensure data security. Importantly, this policy should make clear definitions as to what is acceptable and what is not, with regards to both usage and behaviour and this applies to both teachers and students.

With BYOD, it is important to create a balance between ensuring high levels of security and ensuring students have the best possible learning experience.

Not all schools are favouring the adoption of BYOD, however it is clear that BYOD is now becoming inevitable with the influx in technology. Therefore, it is important to ensure they are managed accordingly. Through correct implementation, with full and thorough understanding of the underlying issues, policies and procedures, BYOD can improve the learning and education experience without posing security threats to the school, teachers and students.

Lee David Painter, CEO Hypersocket Software