52% of primary schools in the UK identified a cyber security breach or attack in 2023 and for secondary schools, that figure was even higher at 71%. In fact, all education institutions in the UK are more likely to have experienced a breach or attack in the last year than the average UK business.^[1]

With the increase of technology in classrooms, schools are now more vulnerable to these threats than ever before. It’s therefore crucial that schools and teachers are not only aware of the risks, but have strong proactive and reactive measures in place too.

A study by the UK government has shown that, in the last 12 months, primary and secondary schools seem to have had less awareness of government guidance around cyber security. Tools such as the National Cyber Security Centre’s (NSC) 10 Steps to Cyber Security ^[2] and Board Toolkit ^[3], plus certification schemes like Cyber Essentials ^[4] have existed for a while, but with such low awareness the government have now taken more decisive action that puts more of the onus to provide cyber security protection on manufacturers rather than solely on schools. 

On the 29th April 2024, the UK government introduced the Product Security and Technology Infrastructure (PSTI) Act into law. ^[5] The introduction of this act means that all consumer connectible products must meet a certain level of security before they can be sold in the UK. 

As the name suggests, the first part of the bill focuses on product security and these new rules give the government the power to introduce specific minimum security requirements. This includes interactive displays used in education.

Previously, just 1 in 5 manufacturers of consumer connectable products (an internet-connectable or network-connectable device such as smart speakers) had basic security embedded. In 2020, there were an estimated 12.9 million devices ^[6] like this worldwide and most of them lacked anything more than these basic features. This meant that millions of devices and customers were vulnerable to security breaches or attacks.

Schools may not have smart speakers in every classroom, but many have interactive whiteboards that have internet connectivity. This means that tens of thousands of classrooms around the UK are at risk from these vulnerabilities.

According to a recent government survey ^[7], phishing attacks are the most likely incident for schools to have experienced with 92% of secondary schools and 84% of primary schools reporting attacks in the last 12 months. This was closely followed by others impersonating the school through emails or online, and viruses, spyware or malware.

Nicola Pearce, Head of Education, BenQ, commented: “Schools are increasingly becoming targets of cyber incidents and threats, including phishing attacks, password breaches, and ransomware attacks. There were 347 recorded cyber-attacks in the education and childcare sector, in 2023, as a consequence of unauthorised access to school technology and systems, not only putting personal and private data at risk but also disrupting education

“When implementing technology into schools, staff and educators must carefully consider the potential risks and consequences of the technology, and whether the tool they have chosen is the most suitable option. They should also implement proactive measures and encourage a sense of cyber-awareness amongst students and staff to ensure a safe learning environment.”

The introduction of the PSTI Act should mean that schools naturally face fewer cyber security risks as manufacturers will have to implement many safety features as standard. However, cyber security needs to be a collective effort and there are still plenty of precautions and solutions that schools should be aware of to help strengthen their defenses even further.

Many cyber security incidents happen because an outside influence is trying to gain access to confidential information or your IT systems. By using measures such as a secure Account Management System (AMS) and Identity and Access Management (IAM) software, you can create and manage user accounts and permissions.

By giving each person their own personalised user profile, you can reduce the risk of unauthorised people accessing settings, user files, and folders. This also reduces the risk of confidential information such as emails or student data being exposed in the classroom as only resources relevant to each lesson will be displayed. On top of this, there’s the added benefit of allowing teachers to set up their workspace in the way that allows them to teach most effectively.

Protective measures around logging in should also be implemented such as MFA (multi-factor authentication), SSO (single sign on), and NFC card access. As teachers often log on to boards in front of a classroom full of children, it can be easy for students to see the credentials  being used to access systems. Granting access via an NFC card removes this risk and admin can revoke this which means that there’s less risk of someone else using it to gain access even if a card is stolen or lost. Other security methods like MFA and SSO provide additional levels of protection. With BenQ IAM software, it’s possible for IT professionals to integrate existing NFC systems such as door entry with BenQ AMS (Account Management System) for an all-in-one secure solution.

Of course, having these protections around logging in is a good start, but what happens when a logged in board is left unattended? It can be easy for teachers to get distracted at the end of the lesson or have to quickly visit another classroom mid-way through. In this case, enabling something like automatic inactivity tracking that logs users out after a certain period of time is an extra layer of security.

Idle session log outs are just one of the features that IT teams can enable using BenQ cloud softwares, AMS and DMS . Interactive displays have been a gamechanger for teachers and students alike, but an increase in technology means an increase in workload for the IT team, so remote management is key.

BenQ cloud services allows IT members to remotely monitor and manage all of the boards across the school or, in the case of multi-academy trusts (MATs), across  multiple school infrastructures. This means that they can not only monitor things like power consumption of boards, but they can also push out firmware updates and security patches without having to travel to each board.

For an extra level of protection, security software can also be installed, and the network settings can be configured to make it more secure. EDLA certified interactive displays provide additional protection against common cyber security threats with the ability to limit access to the Google Play store inbuilt. ^[8] 

It’s also a good idea to get ahead of the introduction of the PSTI Act by choosing a board with both EDLA and PSTI certified. You can learn more about BenQ’s cloud services and find out how to talk to an expert here.