Virtual learning technology can bring huge benefits to schools, deliver significant cost savings and make for a more flexible and engaging learning environment – but it can also involve security issues. Given that virtual learning environments (VLEs) enable students to use personal devices in the classroom, and require the storing of economic, administrative and personal data before they can be used, it’s crucial to put robust security policies in place and communicate them to your stakeholders.
Forward planning
Schools must set user privileges (for teaching staff, administrative staff and pupils) appropriately, so that everyone can access the material they require while minimising the potential for deliberate or accidental misuse of the network. At the very least, access to VLE-stored data should be limited to authorised staff, students, governors and PTA members, all of whom ought to use strong passwords that are changed at regular intervals. Cloud computing services or managed service providers can reduce the risks that might lead to damaged or lost data. Savvy schools who know they’re not necessarily security experts will enlist managed service providers to make sure their data services are reliable and secure, but it’s vital that you can trust the partner you choose. Look for assurances of uptime (periods when the device or service is working and available) and security guarantees. Remote learning is on the rise in many schools, with students increasingly using devices at home for educational purposes. Some pedagogical approaches, such as the flipped classroom model, revolve around the principle that learning can be done at any time or place. This can present a security challenge, but there are some simple steps you can take to ensure your security policy isn’t compromised. In most cases, taking care over your access permissions will prevent issues with pupils inappropriately accessing your VLE or other school systems from home, but the most important weapon in ensuring your security policy is observed is the parent or guardian.
An open approach
Parents should be engaged as much as possible in the technical side of their child’s safety. Drawing up a simple, ‘common sense’ version of your ICT policy and making it readily available is a good first step. Also vital is an open approach to data collection and storage – it’s the school’s responsibility to tell stakeholders how to keep, store and share any information they hold, so make sure your policies are up to date and shared sensibly. Another approach can be to appoint a member of staff to liaise with parents with regards to your VLEs and security and assume special responsibility as a parent advocate, to help parents feel more involved. Your security shouldn’t be the responsibility of just one person, however. It takes a range of staff and parents to keep the school’s and pupils’ personal data safe – you may find that some of the most useful awareness and support comes from your administrators and business managers.
GET PARENTS ON BOARD
- Make a simple and readable version of your ICT policy readily available Avoid using guidance that’s lengthy, jargon-filled and supplied without a glossary
- Regular items in school newsletters can be used to inform parents about smaller policy changes
- To get a better practical sense of what remote learning should entail from the parents’ perspective, request that your ICT team bring in a small, select group of parents when drafting the policy
- Distribute parental leaflets on the safe and secure use of tech by pupils, which outline what to do if they have any questions about their role in supporting their child’s ICT security
- Encourage use of VLE apps, such as the Canvas Parent App, to engage parents and make them more familiar with the service and how it’s used
Sam Blyth is director of schools and further education at the learning management system provider Canvas; for more information, visit canvaslms.com or follow @canvasLMS
