As the world continues to become increasingly reliant upon technology to complete everyday tasks, it’s never been more important for businesses to have measures in place that help protect devices and systems.
In the early years childcare sector, specifically, this is vital for safeguarding personal, confidential, and sensitive information – whether about staff, children, their families, or the organisation – against online criminals.
Such steps help to prevent accidental damage and loss too.
In 2021, nurseries and childminders received guidance from the government’s National Cyber Security Centre (NCSC) and were warned about the threat of cyber-attacks.
The government called for a more secure approach to sharing information.
It encouraged childcare staff to acknowledge the online risks out there and explained how – regardless of the size and nature of a setting – its routine information is valuable to criminals.
However, the ICO Security Report recently named the education and childcare sector as the second worst offender for data breaches in the UK – accounting for almost 1 in 7 cases since 2019.
This is why it’s very important for settings to reflect on the security measures they have in place, and ensure they are as protected as they can be.
1) Be savvy with passwords
Be sure to use secure, complex passwords and store them safely. Where possible, implement two-factor authentication, too.
This means that to access the data, a user must confirm their identity via two different forms of identification. These could include passwords, PINs, or even biometric logins, such as a fingerprint.
2) Set up individual logins
Each authorised person should have their own credentials so that any actions completed by an account are tracked to a single user.
It’s important not to share accounts, as it becomes difficult to trace who is accessing or changing what.
On a related note, it’s also important to constantly review which accounts are being used. If a staff member leaves the business, their profile should be removed or disabled.
3) Remember to update
It’s crucial to ensure that any devices and applications used to access child data are running the latest version of supported operating system and kept up to date, to benefit from the most robust levels of security.
The same also applies to the antivirus software installed on all devices. If upgrades are missed, this can potentially create a vulnerability and entry gateway for hackers.
4) Utilise the ‘lock’ function
When you press ctrl + alt + delete, a screen appears with ‘lock’ as an option.
This should be used any time a member of staff is away from their device, so that child data cannot be accessed inappropriately by unauthorised users.
5) Think about storage and positioning
Keeping devices safe when not in use should be carefully considered. Stashing them in a locked cupboard overnight can help to prevent theft, for example.
Also, using a screen filter or positioning any monitors away from windows and doors ensures screens cannot be seen by passers-by.
6) Tailor staff permissions
By implementing individual permissions settings, this makes sure that data is shared only with authorised staff.
7) Educate users
The biggest weakness in any system is often human error, whether that be due to misconfiguration of systems, or a colleague being deceived by a phishing email.
Giving all staff security induction training and providing annual refresher courses can reduce the risk of security incidents and data breaches dramatically.
8) Back up information
Whether business-critical data such as invoices or fee payments, or sensitive information such as contact details, it is vital to back this up regularly, so it is not lost in the event of a natural disaster, theft of equipment, or data ransom incident.
Also, if using nursery management software, be sure to partner with a leading provider to benefit from the highest levels of security credentials and protection.
This will keep your digital data safe with passwords and encrypted back-ups – while minimising unnecessary paper trails, which put important data at risk.
Greg Reed is Connect Childcare’s head of infrastructure and security.