Copy

right

Sm

ooth

wal

l Ltd

& S

moo

thw

all I

nc 2

001

– 20

11 |

All

Righ

ts R

eser

ved.

Protecting Students, Staff and Schools

Copy

right

Sm

ooth

wal

l Ltd

& S

moo

thw

all I

nc 2

001

– 20

11 |

All

Righ

ts R

eser

ved.

The Big Three in Education Web Security Acceptable Usage Policy (AUP)

A clear communicable policy of ‘Who, Where, What and When’ is acceptable

Dynamic Web Content FilteringA systems that delivers the AUP and provides control, monitoring and reporting

Malware ProtectionConstantly updated software that protects your users and your network at the web gateway (as opposed to individually at the PC) from malware threats

Copy

right

Sm

ooth

wal

l Ltd

& S

moo

thw

all I

nc 2

001

– 20

11 |

All

Righ

ts R

eser

ved.

So what can possibly go wrong?(In approximate order of likelihood); Malware Infection Student / Employee / Guest Misuse Data Loss / Damage Data Protection Breach Operational Continuity Failures Criminal / Civil Law Infringement

?

Copy

right

Sm

ooth

wal

l Ltd

& S

moo

thw

all I

nc 2

001

– 20

11 |

All

Righ

ts R

eser

ved.

Malware Infection Spamming, Denial of Service attacks, identity theft, email

spoofing, storage of illegal data/images, damage/erasure/theft of data, ad serving, scareware (cryptovirology), SEO abuse, DNS poisoning, phishing, bypassing security and authentication, software licence theft …

Via >>> Botnets (‘zombie computers’), rootkits, trojans, worms,

backdoors, droppers, keystroke loggers, spyware, adware, dialers …

Copy

right

Sm

ooth

wal

l Ltd

& S

moo

thw

all I

nc 2

001

– 20

11 |

All

Righ

ts R

eser

ved.

Student Misuse Accessing inappropriate content Inappropriate behaviour and bullying Social Media abuse/misuse Illegal file sharing / copyright theft (music, video and software) Identity theft Excessive bandwidth consumption (media)

Copy

right

Sm

ooth

wal

l Ltd

& S

moo

thw

all I

nc 2

001

– 20

11 |

All

Righ

ts R

eser

ved.

Employee Misuse Time Wasting (Social Networking/Shopping/Surfing) Harassment / bullying / inappropriate social behaviour Accessing and distributing inappropriate content Illegal file sharing / copyright theft (music, video and software) Excessive bandwidth consumption (media) Data loss / theft Breaches of Data Protection Act Breaches of Confidentiality and Trust

Copy

right

Sm

ooth

wal

l Ltd

& S

moo

thw

all I

nc 2

001

– 20

11 |

All

Righ

ts R

eser

ved.

Network ‘Guest’ Misuse Responsibility for guests on-line Health & Safety lies with the

host Inappropriate guest activity on a school’s network could become

the responsibility of the host Malware infection Excessive bandwidth consumption (media)

Copy

right

Sm

ooth

wal

l Ltd

& S

moo

thw

all I

nc 2

001

– 20

11 |

All

Righ

ts R

eser

ved.

Data Loss Malware

- Data Theft / Deletion- Cyptovirologic Extortion

Data is encrypted by a virus then a payment is extorted for the decryption codes

Identity Theft Breaches of Data Protection Act Data and Information Theft by Employees/Contractors

Copy

right

Sm

ooth

wal

l Ltd

& S

moo

thw

all I

nc 2

001

– 20

11 |

All

Righ

ts R

eser

ved.

Operational Continuity Failures Loss of earnings through ‘downtime’ Time, energy and money wasted in restoring status quo Network disinfection post malware attack Human and emotional costs Restoration of damaged reputation Servers and computers seized in criminal investigations Potentially huge legal bills

Copy

right

Sm

ooth

wal

l Ltd

& S

moo

thw

all I

nc 2

001

– 20

11 |

All

Righ

ts R

eser

ved.

Criminal / Civil Law Infringement Health and Safety – the behaviour of your employees and students can

impact on their mental and physical health Vicarious Liability – you can be liable for things your employees and

students do on-line even though you haven’t sanctioned them Negligence – if you fail to take reasonable and appropriate steps to protect

others you could be considered negligent Data Protection – you are required by law to conform to the DP Act Copyright Infringement – anybody sharing music/movies on your

network? Paedophilic Material – it is a recognised fact that work place computers

are used to store illegal material

Copy

right

Sm

ooth

wal

l Ltd

& S

moo

thw

all I

nc 2

001

– 20

11 |

All

Righ

ts R

eser

ved.

What can you do about it? Remember that web security doesn’t only belong to the

IT department Create a web security policy, implement it and constantly review it Have a robust, well communicated and effectively policed

Acceptable Usage Policy Continuing education of all your users to the threats on the web Use effective control and reporting tools

Copy

right

Sm

ooth

wal

l Ltd

& S

moo

thw

all I

nc 2

001

– 20

11 |

All

Righ

ts R

eser

ved.

Hot Topics

Copy

right

Sm

ooth

wal

l Ltd

& S

moo

thw

all I

nc 2

001

– 20

11 |

All

Righ

ts R

eser

ved.

E-Safety Law in Independent Schools

Copy

right

Sm

ooth

wal

l Ltd

& S

moo

thw

all I

nc 2

001

– 20

11 |

All

Righ

ts R

eser

ved.

E-Safety Law Usage of the web should risk assessed in the same way

as any other school environment e.g. gym or science lab The law makes clear distinctions as to who is responsible for

delivering e-safety at work (and in the school environment)The Head Teacher and Board of Trustees/Governors cannot delegate it

Using appropriate processes and technology can significantly reduce the threshold of legal liability and most importantly protect students and staff

Copy

right

Sm

ooth

wal

l Ltd

& S

moo

thw

all I

nc 2

001

– 20

11 |

All

Righ

ts R

eser

ved.

Building Flexible Filtering and Web Access Policies

Copy

right

Sm

ooth

wal

l Ltd

& S

moo

thw

all I

nc 2

001

– 20

11 |

All

Righ

ts R

eser

ved.

Designing Flexible Policies For students:

- age, year, subject and location specific- differentiate work time and personal time

For staff:- work time, personal time and role specific- teacher control of web content in the classroom

For guests:- what is acceptable under your ethos and culture?

Copy

right

Sm

ooth

wal

l Ltd

& S

moo

thw

all I

nc 2

001

– 20

11 |

All

Righ

ts R

eser

ved.

Mobile Device Integration &Bring Your Own Device Schemes

Copy

right

Sm

ooth

wal

l Ltd

& S

moo

thw

all I

nc 2

001

– 20

11 |

All

Righ

ts R

eser

ved.

Mobile Device Integration iOS (iPad) and Android devices present new challenges –

especially multi-flavoured Android ‘Locked down’ browsers are currently the most effective method

of ensuring content is controlled

Copy

right

Sm

ooth

wal

l Ltd

& S

moo

thw

all I

nc 2

001

– 20

11 |

All

Righ

ts R

eser

ved.

BYOD Schemes The use of personal mobile tech in schools is inevitable Easy access to fast school filtered Wi-Fi will help reduce 3G

network use Protecting from malware at the gateway is currently the most

effective strategy Continuous education to students, staff and parents about on-

line threats is the best approach

Copy

right

Sm

ooth

wal

l Ltd

& S

moo

thw

all I

nc 2

001

– 20

11 |

All

Righ

ts R

eser

ved.

Devolved Content Management

Copy

right

Sm

ooth

wal

l Ltd

& S

moo

thw

all I

nc 2

001

– 20

11 |

All

Righ

ts R

eser

ved.

Helping Teachers to Teach Each web page should be dynamically scanned for inappropriate

content based on the policy set for the user or group Uncategorised web content can be unblocked by teachers in the

classroom (not IT) without overriding ‘red-line’ policies Resources like YouTube and Google search can be safely used in

the classroom Full visibility of on-line activity and accountability can be

maintained without constant IT interaction

Copy

right

Sm

ooth

wal

l Ltd

& S

moo

thw

all I

nc 2

001

– 20

11 |

All

Righ

ts R

eser

ved.

Managing Social Media & Content

Copy

right

Sm

ooth

wal

l Ltd

& S

moo

thw

all I

nc 2

001

– 20

11 |

All

Righ

ts R

eser

ved.

YouTube.com/education A hugely valuable resource of ‘safe’ educational material Schools can add their own approved content to their ‘channel’

and restrict access to the rest of YouTube

Copy

right

Sm

ooth

wal

l Ltd

& S

moo

thw

all I

nc 2

001

– 20

11 |

All

Righ

ts R

eser

ved.

Managing Social Media ‘Read Only’ Facebook – a policy driven ‘look but don’t touch’

approach allows Facebook to be integrated positively into the school environment

Instant Messaging Management and Censoring – enables useful communication tools to be properly managed and users fully accountable

Copy

right

Sm

ooth

wal

l Ltd

& S

moo

thw

all I

nc 2

001

– 20

11 |

All

Righ

ts R

eser

ved.

What’s Next?

Copy

right

Sm

ooth

wal

l Ltd

& S

moo

thw

all I

nc 2

001

– 20

11 |

All

Righ

ts R

eser

ved.

Our Crystal Ball … Integration with social media and content platforms Mobile device filtering to include 3G Improved sharing of approved / whitelisted content

between teachers and schools

Copy

right

Sm

ooth

wal

l Ltd

& S

moo

thw

all I

nc 2

001

– 20

11 |

All

Righ

ts R

eser

ved.

ContactsCarly Lynsdale – Independent Education Executivecarly.lynsdale@smoothwall.net0113 3874178

Sean Lazenby – Education Sales Managersean.lazenby@smoothwall.net0113 3874183