Beyond the physical, cyber security is an increasingly essential aspect of school life in the 2020s, with remote online learning having put extra onus on this over the past year.
Many schools choose to create their own security risk management plans and policies, sometimes with the support and advice of security consultants to do this.
Identifying security risks at your school and planning how to reduce these risks informs your unique security risk management plan. When creating this plan, schools should:
First, audit and assess its security risks. Ranking security issues identified in the audit in their order of importance will allow schools to determine which actions need to be prioritised when writing a security risk management plan. After the security audit and risk management planning has taken place, the school’s security policies should be drawn up. Access policies, such as visitor policy, pedestrian and vehicle access should be adapted to fit with building and systems changes, as well as keeping up to date with digital developments.
If you find that your school meets certain risk requirements, it may qualify for government funding towards installation of intruder alert systems and more. Alternatively, if your school has suffered property damage in the past, the government may pay for a formal security audit. For schools that do not meet the criteria for additional funding, you can undertake your own audit by following the risk management tools provided online by your state department or use a licensed security consultant.
Bespoke advice around security design, covering all security system requirements and options including alarms, CCTV, lighting and more can be provided by security consultants, and look for general advice from your local and state education departments.
Conferences and online events dedicated entirely to school cyber security are highlighting current cyber security trends and the risks they pose to our education sector; sharing information that is particularly urgent, given the digital attacks Australia has experienced this year across sectors.
‘Distributed denial of service’ (DDoS) attacks have hit schools globally during 2020/21 so there is increased need to become educated on how vulnerable schools can be to these and what they can do to strengthen their defences. Security consultants can help schools understand how to try to prevent online security breaches and the disruptions they cause but what some of the solutions are if they find themselves targeted.
School sector viewpoint:
Hayden Flett, Solutions Manager at SALTO Systems Oceania, explained to us the two types of access control systems he sees in schools that he says pose significant risks, limitations and costs…
“The first are master key systems. Mechanical keys can be lost, borrowed, stolen, and copied – they are also impossible to restrict by time or user. Audit trails cannot be produced for accountability, and rekeying locks because of lost keys can be a very expensive and time-consuming exercise. The second system we see are electronic key systems with no ‘smarts’ in the lock itself. A completely offline system, the locks cannot be controlled remotely or real-time. These systems are very limited in functionality – you cannot automate doors, nor effect an emergency lockdown which is often requested by schools. It’s therefore important that schools ensure that whatever system they choose, it can grow with their security needs and safety concerns.
“Schools often have very tight budgets, and a wide variety of access points that can be located in new, old and heritage buildings.
“Wireless locking technology, that does not require expensive and labour-intensive cabling, can meet all these challenges and more. These systems can also integrate with other security platforms such as alarms or CCTV, and even internal IT systems to manage user identities with minimal fuss.
Sharing his top recommendation for schools, he added: “Traditionally, electronic access control (EAC) has been hard-wired, so it can be very expensive to secure access points with the cabling needed for these solutions. As a consequence, schools are often under the misconception that only their perimeter can and should be secured with EAC.
“The problem is that you will still need multiple credentials to access different areas of the school – this is not a one-card and convenient solution for users. Secondly, a typical school can have between 500-1000 doors, half of which are internal doors. The latest wireless access control solutions can easily and cost-effectively equip these doors in addition to exterior access points, adding complete and layered control to your school security.”