It's Way Too Easy For Hackers To Watch Your Kids Online At School
As a parent, it scares me to think that someone might be watching my kids at school. Waiting. Scanning.
Not on the street, but over the digital highway.
Our schools in NSW have taken great steps in helping children adapt to the new age of learning, where cyber space connects them to people across the street and across the globe. Laptops, tablets and even smartphones are becoming integral aspects of our children’s schooling experience.
Many schools now require children to own their own laptop or tablet, so they can keep up with the curriculum.
As part of this, most schools are educating students and teachers about cyber bullying. Great! Most schools also have policies regarding the appropriate use of the internet and social media sites like Facebook and Twitter. Wonderful!
But what about the predators outside the school system? Unfortunately, those who use technology to illegally obtain information and access personal information from the vulnerable and unwary in cyber space have advanced far more quickly than our education system, and schools are an easy target.
Right now, it would take a ‘hacker’ with a relatively basic level of skill to sit outside a major school in Sydney and potentially break into the school’s Wi-Fi system. Using a variety of techniques, like establishing a rogue spot that mimics the school network or a simple bypass if the Wi-Fi has zero encryption, hackers can use a ‘sniffer program’ to see every piece of tech logged on to that particular network -- phones, tablets, laptops.
Once they’re in, they have access to a smorgasbord of personal details and sensitive material. Bank account details, passwords, your kids' private photos -- everything.
The reason it’s easy is that there is no government-mandated level of cyber security that our schools must adhere to in order to protect their networks from being breached. Not at a NSW State level and not at a Federal level.
While schools are provided with guidelines and advice by the Department of Education, there is no benchmark standard they are required to meet to protect their online environment.
Obviously this leads to a hodgepodge level of security across our education system, with some schools making the grade in protecting their networks, while others remain hopelessly exposed.
In the recent state budget, the NSW Government committed $20 million to detect and respond to cyber incidents across all government departments, including education.
It’s a first step, but essentially a drop in a very large ocean and really only useful for analysing breaches after they’ve occurred. More needs to be done to protect our school kids.
The Department of Education should immediately review the advice being provided to schools, and new regulations must establish a standard minimum level of cyber security for all schools in NSW.
This should include ensuring Wi-Fi systems are encrypted and that schools are funded to install top of the line anti-breach software. Importantly, schools should be funded and required to undertake annual IT audits that test their level of cyber security.
Of course this will mean a hit to the budget bottom line for the NSW State Government. But what price is too high to pay for the confidence that our children’s online learning experience is safe and secure?
Sorin Toma is Managing Director, Xpotentia, Former Principal Cyber-Security Adviser, UNSW, and a father of two school-aged children.