My name is Russell Dyas I am an educational technologist and third line support engineer at Impero however previously to Impero I was Marketing & PR Manager for edugeek.net and a Network Manager for over 10 years working in schools and colleges. Along with all that I provided expertise on various ICT subjects related to organisations such as NAACE and BECTA.I am going to talk about E-Safety and how we can bring a multi functional approach to e-safety.
You may have seen this model released by BECTA and it is a good model Getting E-safety to work successfully is made up of three areasTechnical– This is probably the traditional area people think of when it comes to E-safety so area covers thing such as filtering and recording what people are doing on internet.Policies – This is about how we manage the whole process of esafety what need to do before hand but also what to do when an event occurs.Education – This is about training not only staff within the establishment but also educating students about e-safety as well.However I think that information I better served in following venn diagram.
If all 3 areas are linked and work together then you get best possible e-safety solution in the middle. Often website and filtering are common phrases we associate with e-safety
However it is not just about websites. We at Impero has a multi functional approach we just don’t look at internet we look at the whole system providing protection across all areas of an ICT system. This is important as if your blocking just web filtering you are just looking at one part of your system.Lets discuss the 20 pound elephant and discuss child abuse Images which you can’t avoid when we talk about e-safety.
Lets discuss filtering this probably one of must contentious subjects when it comes to e-safety you have 3 schools of thoughts.Lock It Down – Locking the system down which means users can not get questionable material but they also can not get access to educational material as it is blocked.Open It All – Do not have filters and use every opportunity to educate users on e-safety however there are big child protection issues with this methord.Then in between these two methods is what OSFTED called and recommend which is managed filtering.
So what is managed filtering?Managed filter is half way house you still block websites as schools still have a requirement for safe guarding. But it provides certain filtering levels based on the role and age of the user. So student and stafgf have different filtering levels, year 7 vrs year 12 have a different filtering. However that it is not to say that you need to maintain several different filter lists this can be achieved using whitelist fucntions so for certain users allow certain websites through. Also allowing the appripate school staff to change the filtering and not have to keep asking ISP or Local Authority to change the filtering level. However this also needs to link into safe gaurding so that certain websites can never be whitelisted.
An often over looked part of E-safety is antivirus and patch management making sure systems are up to date so that they can’t comprise any e-safety solutions is an important step and obviously some of the stuff that my colleagues discussed with you earlier in terms of Impero working with GFI will help you with this.
Has school got an E-Safety policy if not then one needs to be created with every stakeholders such as staff, parents, SLT and students input.Also making sure you have an AUP as this makes sure that school is covered legally. Having an AUP also means that appriopate expectations are set this does include making sure include a statement about monotring and recording of the use of ICT. Make sure that sanctions that are layed out in AUP policy and are aligned and part of the sanctions mentioned in your behaviour policy.You need to review AUP annually if nothing else making sure that follows latest guidance from appriopate authorities.However an important part the management is what happens when there is breach of AUP or questionable material is found and like lot of things you do not want to be thinking of correct actions at time of incident you need to think before hand.
So first this is a must if you feel that a child is at immediate risk then inform whoever the Designated Child Protection contacts with in your orginsation. Now depending on what was found for example was evidance of Illegal Activity or Material found will depend on what course of action you need to take.This subject could be a whole day course in itself however there is great guide from Kent County Council as part of the pack you received today is a USB memory stick which has a link to a page on internet not only with the slides from todays event but also links and follow up material and that guide is included.However I will give you some generic points to guide you especially for technical teams with in the school who maybe first responders to an situation.
First thing to discuss is do not investigate while most of technical teams are highly skilled people they are not licensed to investigate material only two groups of people are that is Law enforcment bodies and CEOP (which technically is a law enforcement body) .If illegal material is Confiscate any laptop or other device and if related to school network disable user account. Save ALL evidence but DO NOT view or copy. Let the Police review the evidence.Log everything – make sure you right down everything every step you make, record each with date, times and signature
So we looked at management so lets look at second section which is monitoring. Esafety systems are great but if no one looks at it then nothing happens. Problem can have with e-safety systems is that it’s too much for one person to handle if a single person is in charge then they become overworked and things get lost through the cracks. E-safety is not a single persons resinbility it is every bodies that is one one of reasons within Impero you can have email alerts when a a violation occurs as that means it can be sent to correct person so can go to head of year 7 if a year 7 student.
Lets look at education this is probably most important part out of the 3 areas as e-safety solutions like Impero are installed everywhere.All staff and students need to under go regualar e-safety training so staff know what the risk are and what to do but students can deal with the risks in appriopate why. CEOP and various other bodies talk about difference between safe and secure. I have a 5 year old son and like good parents we need to teach him road sense. We can say hold our hand everytime we cross the road that will keep him safe but it will not make him secure as when he gets older we will no be there so if not taught him how to cross the word he won’t be secure.Filtering is keeping students Safe but education alongside filtering will keep them secure.The quote from the Byron report is very apt – “Children and young people need to be empowered to keep themselves safe...”
I would like to end on few resources onj improving e-safety as previously said links and material are avibale via link on the USB memory stick in your welcome pack.First thing is to get a base line of where you are at and there is two great audit tools from eithr 360Safe or national education network as a school you can run through. These will let you know where at and guidance on improving it.Kent Trust Web has great esafety portal and also has regular information on the latest trends and news. The think you know website CEOP provides lots of e-safety training resources and also CEOP run various e-sasfety courses which I highly recommend.Lastly British Computer Scoiety recently released an E-safety qualification epecially suitable for delivery in schools at key stage 3 and 4. which is getting positive reviews.
V3.5-Not just about websites, it is about amulti-functional approach to the whole system - Keyword Detection - Internet - Applications - Windows Captions
V3.5- Filtering - Open It All - Safe guarding issues - Locked Down - Could disable access to education websites - ‘Managed Filtering’ - Half-way house approach
V3.5What Is ‘Managed Filtering’? It still blocks certain websites. Provides different levels of filtering based on the user’s role and age within the school. Lets appropriate school staff change filtering based on the needs of the school but not endangering any safe guarding.
V3.5- End Point Protection - Antivirus - Patch Management
V3.5- E-Safety Policy - Make sure that it is created with all stakeholders input- AUP - Cover yourself legally… - Making sure expectations are set: “that the school monitors and records all use of ICT and that they will be actively monitored” - Sanctions are also part of your behaviour policy - Review it annually- What Happens When There Is A Breach of The AUP Or Material Is Found?
V3.5 What happens when there is incident of concern?- If a child is at immediate risk, inform whoever the Designated Child Protection contacts is- Work out what you would do now before an event occurs. - Seek advice from other organisations such as local authority if appropriate - There is a good guide from Kent County Council- Depending on if an illegal activity or material has been found or suspected will depend on the course of action.
V3.5- If it might be illegal activity do not investigate let the professionals do that. - Confiscate any laptop or other device and if related to school network - Disable the users account - Save ALL evidence but DO NOT view or copy.- Hopefully your E-Safety system will give you complete logs so just need to give the police full access.
V3.5- If no one looks then data is useless.- It’s too much for one person.- Making it everybodys responsibility. - Email alerts to the correct people when an event is triggered.
V3.5 - Not every computer in the world has an E-Safety solution installed. - Difference between safe and secure. - Make sure that staff and students have had E-Safety training.“Children and young people need to be empowered to keep themselves safe...”Dr Tanya Byron Safer children in a digital world: The report of the Byron Review
V3.5- Make a plan - There are various audit tools that can help you get a baseline. For example 360Safe - http://www.360safe.org.uk/ - Kent Trust E-Safety Portal -www.kenttrustweb.org.uk/?esafety- Whole establishment approach - CEOP/Think You Know - http://thinkyouknow.co.uk/ - BCS E-Safety Qualification - http://www.bcs.org/category/14422