I was on holiday in Ireland last week. The ‘wow’ moments as we drove along the Wild Atlantic Way in the South and West frequently demanded that we stop and just take in the natural beauty (and snap some terrific pics). We’ll definitely go back to Ireland!
By now you might be checking exactly what link you clicked on… and no, don’t panic, Novatia are not travel agents! Having secured return flights for £1 each we decided to maintain our parsimonious approach to this time away and 4 days' car hire for £40.
At the end of our holiday we wanted two cheap nights’ accommodation in Dublin. Vacated student hall complexes offered a thrifty solution (the accommodation is not linked to a university, but is provided by a global enterprise and rented out in student breaks). All mod cons abounded – ensuite, Wi-Fi - and even a gym in the building.
I went to check out the gym, and came upon an open door marked Comms Room. As part of my Novatia job is ensuring that Comms Rooms are fit for purpose in new school buildings, I thought I’d take a look.
I took some pictures because – just like on the Wild Atlantic Way - I couldn’t quite believe what I saw.
The room was full of cleaning equipment and supplies… stacked. Access to the cabinets: well nigh impossible. I get it… it’s not term-time and effective room cleaning is important to keep guests happy in and the Tripadvisor stars coming in (and cleaners’ cupboards are never big enough)… but someone in that organisation has lost sight of the even bigger picture.
This was not a ‘dead’ room: the Wi-Fi was still in operation, the security systems (access control and CCTV) running and lights blinking appropriately. Whilst operationally it’s all wrong – inflammable liquids, access to comms cabinets blocked - it’s even more concerning as a physical cybersecurity breach. Anybody could have got in there… an explorer, a mischief-maker or a ‘bad actor’ with evil intent. The unintended consequences of the time-saving expediency of parking some cleaning trolleys in that unlocked Comms Room could be catastrophic.
When talking with school leaders about cyber security the conversation always comes back to “How can you stop people making bad decisions?.” Even training and certification can’t fix everything… humans do the wrong thing. I might have had lessons and passed a driving test… but I still drive too fast. With cybersecurity our commitment has to be to help our staff think twice – and then again – before making a bad cyber decision… whether it’s a too-easy password, an unchecked USB stick, a click on an unknown link or an unthinking sharing of data. Even the vacated office with the door left open whilst the MIS is on-screen counts as one of those unconscious poor decisions that could have unintended consequences.
So what can you do? Three suggestions that might help to keep cybersecurity prominent in peoples’ thinking even after the 30 minute training in September is over…
- Posters – like wall displays these fade into the background of our consciousness after a while --- so refresh them. Secure Schools provide a downloadable set so take advantage of their generosity.
- Promote a Near-Miss mentality – encourage people to be honest about cybersecurity near misses, where they almost did something risky but didn’t.
- Identify an Ambassador – someone who, for the sake of the organisation, is willing to be ‘notice-giver’, ‘insight-sharer’ and ‘licensed to censure’ … who won’t let go of the issue. It’s one way we eventually managed to get Safeguarding right in schools after all.
You might want an external look at what happens in your organisation. As consultants in all areas related to ICT in education our commitment is to be honest with you about what we see, hear and read during our engagement with you. We apply our technical, leadership, operational and data insight gleaned over our combined 120 years in education ICT to help you achieve excellence in what you do.
