Filtering and monitoring have become hot topics for schools following the recent update to Keeping Children Safe in Education. The new guidance has highlighted (through support from the Safer Internet Centre) what makes educationally appropriate filtering and monitoring in the light of other legislation that is now affecting schools, such as the Counter Terrorism and Securities Act.
The aim of this is to explain the filtering offered by ICT4C through Smoothwall and to help clear up some misconceptions that are going around with regards to monitoring.
Any school using ICT4C’s filtering solution, whether done through onsite server facilities, or our cloud based Smoothwall solution, is secure and meets the requirements laid down with regards to Child Abuse images and Content (CAIC) list. This is managed by the Internet Watch Foundation (IWF) and is Integrated with the ‘Police Assessed List of Unlawful Terrorist Content which is produced on behalf of the Home Office’ and managed by the Counter Terrorism Internet Referral Unit (CTIRU). Both of these are highlighted in the guidance issued by the Safer Internet Centre (SIC) which are referenced in the September update of ‘Keeping Children Safe in Education’. So the filtering of content is a good as any solution can be.
Currently we are able to respond to any requests from the Police to a Regulation of Investigatory Powers Act (RIPA) based on an IP request to identify an individual user, this can be done by working with your on-site technical team. It is key to ensure that the technical support team for the school are able to match users against an IP address which may involve all users having a unique login. For younger pupils this may raise concerns but there are steps that can be taken such as a developmental approach to passwords, or teacher retained passwords. We would however advise the removal of class based accounts in order to avoid potential issues.
The new guidance has identified that an appropriate feature is to produce reports or log files of internet activity which the school can use for effective intervention. For schools who have an onsite filtering server, the ability to serve these report/log files is already in place as along a full Active Directory (AD) is in place and can be managed directly by the school. These reports are regularly updated as part of the schools’ contract with ICT4C/Smoothwall.
However, for our cloud based service users we recognise that this is not as easy, comprehensive and as prompt as we would like it be. So in response to this for our cloud based solution, we are currently implementing the technology to facilitate a new functionality known as ‘multi-tenant’. This will allow schools to produce the reports of individual user activity making this a much simpler process. This implementation is currently under way, and having confirmed the position with both Smoothwall and our Chief Technical Officer, this will be complete for all schools filtered through our cloud solution by April next year, with some schools able to service requests from October half term. This update is an integral part of our service and does not require a school to purchase any additional services or software to be able to comply with the new requirements, it is included in the cost of the service we provide to our schools.
This change will not affect the content filtering aspect of our service as we currently meet all those requirements described in the SIC Appropriate Filtering guidance, however it will provide the additional requirements explained in the Appropriate Monitoring document around internet monitoring and the ability to report against specific categories.
For the school to benefit from user name logging there may be a certain amount of work required by the technical support team who works with your school, including potential firewall changes at the school level. This information will be shared with the school by our technical team as soon as possible to enable the work to be implemented in a planned approach.
What should be highlighted from new guidance document is the increased expectation being laid down about school’s ability to monitor activity on its network and that of users on 3G and 4G devices. So let’s start with the first apect, that of school owned network provision. The guidance has been developed to give schools options around this rather than laying down one single approach. The approach adopted by a school should be rooted in the self-review it has undertaken around as part of the CTSA and its own Digital Safeguarding of both staff and students. Depending on the outcomes of this, the correct approach will be identified.
If the school identifies high risks around extreme behaviour, radicalisation, cyberbullying, youth produced sexual images (sexting), child sexual exploitation or other online issues then they may wish to consider a technological solution. Bear in mind that not all staff might be confident enough to identify these issues and language barriers also need to be considered.
If the school identifies a low risk of the above and staff are confident that they are able to monitor the activity going on through good staff awareness and classroom practice then a more human base approach may be adopted. Both of these options are highlighted in the SIC guidance and one is not seen as the preferred option. At the end of the day, the school knows its strengths and weaknesses and the issues affecting its young people and makes the choice based on that. The main point here is that is can justify it decision through thorough self-review. As mentioned at the beginning of this section, no one is dictating a preferred solution, it is down to the school to identify what it needs to keep both its children and staff safe as well as meeting any legal requirements.
The monitoring of mobile device traffic (3G/4G) highlighted in KCSIE is more of an issue as this requires a more technical approach. Again when considering if a school requires a technical solution, it should refer to its self-review. In many cases with younger pupils this will probably not be an issue as access to the appropriate technology will be limited and usage is more easily manage, however consideration may need to be given around adult users within the school. If a school identifies that this is something that they require, solutions are available that allow social media to be monitored and should you require more information on this please don’t hesitate to get in touch.
As an organisation, we are acutely aware of the regulations and expectations coming through both the Home Office and the Department for Education and as such we regularly engage with the IWF and SIC, attending meetings with both organisations as well CEOP and the National Educational Network Safeguarding group. Through this engagement we are able to keep our technology up to date as well as the keeping schools we support up to date with the latest information on Digital Safeguarding.
If you have any further questions, or would like more information about our filtering solution then please do not hesitate to get in touch on 0300 303 89 50 or email email@example.com
Ransomware is the no.1 malware attack affecting organisations today. It encrypts your files and holds them hostage until the ransom is paid, causing massive disruption to school productivity.
Sophos Intercept features CryptoGuard, which prevents the malicious spontaneous encryption of data by all forms of ransomware – even trusted files or processes that have been hijacked. And once ransomware gets intercepted, CryptoGuard reverts your files back to their safe states.
Build Your Next-Gen Endpoint Protection
The days of straightforward file scanning are long gone. Your goal is now to prevent threats from reaching your devices, stop them before they run, detect them if they have bypassed preventative methods, and not just clean up malware, but analyze and undo everything it does to your endpoints.
Sophos Intercept X uses multiple layers of technology, allowing you to create your own tailored next-generation endpoint security solution.
Protect Vulnerable Software
Anti-exploit technology stops threats before they become an issue by recognizing and blocking common malware delivery techniques, thus protecting your endpoints from unknown threats and zero-day vulnerabilities.
Effective Ransomware Detection
CryptoGuard technology detects spontaneous malicious data encryption to stop ransomware in its tracks. Even if trusted files or processes are abused or hijacked, Sophos Endpoint Protection will stop and revert them without any interaction from users or IT support personnel. CryptoGuard works silently at the file system level, keeping track of remote computers and local processes that attempt to modify your documents and other files.
Root Cause Analysis
Identifying malware and isolating and removing it solves the immediate problem. But do you really know what the malware did before it was removed, or how it was introduced in the first place? Root cause analysis shows you all the events that led up to a detection. You’ll be able to understand what files, processes, and registry keys were touched by the malware and activate your advanced system clean to rewind time.
Add Next-Gen Protection to Your Traditional Security Sophos
Intercept X compliments existing anti-malware and antivirus implementations delivering powerful next-gen anti-exploit and anti-ransomware protection traditional products lack. By eliminating the attack vectors which traditional solutions don’t block, Sophos Intercept X helps to harden your security posture and increase resilience.
Plan ahead for 2016-2017 with our free academic calendar.
These handy A3 calendars have been tailored to include the school holidays for your local authority. What’s more, if your authority isn’t availiable then just get in touch and we’ll happily create one for you.
CyberPass is an online education tool that your pupils can work through to learn skills and techniques on how to be safe users of online technology. It includes quizzes, videos, activities and assessments to support learners.
“It has given my children a fun way to learn about the good and bad bits of the internet.” Caroline Watson
With over 15 years developing high quality, media rich education tools for children, CyberPass was developed by educators and educational technologists from Australia and the UK.
Do you know your keylogger from your botnet? Test your knowlede with our Sample Quiz.
CyberPass is £7 per pupil for 12 months subscription and we provide discounts on multi-year subscriptions. You only pay for the pupils that you wish to enrol (generally Key Stages 2&3) and Teachers and Staff are free. Click here for further information.
We’ve negotiated extra functionality and preferrential rates so that you can relax knowing that your network and devices are protected for the next 5 years.
End user protection
Sophos Endpoint Protection makes it simple to secure your Windows, Mac and Linux systems against malware and advanced threats. The next-generation integrates malicious traffic detection with real-time threat intelligence to help you prevent, detect and remedy threats with ease.
Mobile Device Management (MDM) offers an intuitive management console to oversee apps, devices and data on phones and tablets. This delivers comprehensive security, from superb anti-malware to encrypted file sharing for sensitive documents.
Sophos secure email gateway is an all-in-one solution for email encryption, DLP, anti-spam and threat protection. It provides advanced protection from today’s sophisticated phishing attacks and gives you full control over data leaving your school via email.
Sophos full-disk encryption is available for Windows and Mac, enabling you to protect your data, simplify management and maintain an audit trail.
What is the benefit of upgrading to Sophos Enterprise?
Encryption Enterprise According to the Ofsted 2014 ‘Inspecting eSafety’ document, inadequate practice is highlighted as allowing personal data to leave the school without encryption. With Sophos Enterprise Encryption you can make sure that any data leaving via laptops, removable media and the cloud is securely encrypted.
• Secures sensitive data wherever it is stored: laptops, USB devices, network shares or even in the cloud
• Makes regulatory compliance easier with policy enforcement and reporting
• Lets authorised users share data securely and easily
• Saves time using the central console for data protection policy definition and management
• Manages all devices in the organisation from one place
• Uses the latest technology to make sure that encrypted machines are faster than ever
• Secures the exchange of data on removable media with your business partners, even if they don’t have a Sophos installed
Get in touch on 0300 3038950 or email firstname.lastname@example.org for more information or to get a quote.