The use of remote learning and cloud-based software in schools can bring significant cyber security risks. Alongside their own cyber security protocols, schools and trusts should evaluate those of EdTech providers, ensuring cyber security standards for digital learning.
The rapid shift to online and remote learning during the pandemic required dramatically expanding educational technology usage in schools. Without proper vetting, EdTech platforms can expose school systems to serious cyber security risks. Recent ransomware attacks and data breaches impacting schools highlight the growing imperative to evaluate cyber safety when adopting new technologies.
Schools and trusts must make cyber security a key criterion when selecting EdTech vendors. Specifically, they should require providers to demonstrate compliance with established information security standards and frameworks. This includes outlining their security controls, breach response plans, and third-party risk management programmes. Schools and trusts can refer to frameworks such as NIST 800-53 or ISO 27001 to gauge the maturity of an EdTech company’s defences.
Questions to ask
How is sensitive student data encrypted in transit and at rest? What access controls are in place?
What employee cyber security training do you conduct?
Have you received third-party validation of your security posture, like audits or risk assessments such as Cyber Essentials and vulnerability checks?
What are your incident response and breach notification procedures?
Schools should be wary of any provider unwilling or unable to prove robust security protections.
Benefits of regular review and oversight
Additionally, schools should perform ongoing oversight of chosen EdTech vendors through audits and mandatory breach reporting. Refresher security reviews help address evolving threats.
By establishing rigorous standards for evaluating and monitoring EdTech, educational institutions can tap into remote learning technologies without introducing intolerable risks. Cyber secure EdTech deployments lead to safer digital learning environments for students. Schools and MATs that make vendor security assessments and oversight central to their technology adoption strategy set themselves apart in protecting their systems.
Further reading:
