Share this article on:
The New Zealand Ministry of Education has been working on improving cyber security in schools for the last 18 months, after finding that the greatest threat to schools was software developed in the country itself.
The security threat was revealed in a paper addressed to Chris Hipkins, New Zealand’s Education Minister, which was itself made public this month. The paper directly informed the recent moves to improve school security by centralising important services, as the paper recommended.
The paper found that many schools, especially small or relatively remote ones, struggled with cyber security matters in general, finding the process to be “costly and burdensome”. This was being made worse by the software many schools were using.
“These issues are exacerbated by evidence of poor design and implementation of many of the applications schools rely on for their day-to-day operations. This is particularly acute with education sector-specific applications such as SMS. Many vendors in this space are small local companies that do not meet standards typically required by government,” the report stated.
The uptake of cloud computing services, especially ones that are effectively free — such as various Google services — also complicates matters, since they are “not necessarily subject to NZ jurisdictional protections”.
The released document, which appears to be a scan of the original hardcopy, also features the Education Minister’s handwritten response. Some of the points, such as the one above, have been highlighted with an asterisk by Minister Hipkins.
“I would like this work given an even greater sense of urgency than the paper suggests,” Minister Hipkins wrote in June of last year. “We can’t afford to lose a single day, given the vulnerability. Schools do not have the capability or capacity to manage these issues and it is unfair to ask them to do so.”
In light of some of the very high-profile security issues a number of Australian businesses and organisations have recently faced, it would seem the Ministry of Education is right to be somewhat alarmed.
Among the paper’s recommendations were the establishment of offline back-up capabilities, accelerated rollouts of secure access points, a cyber security insurance review, and the development of secure configurations for software such as Google Workspace for Education, among others.
Since June 2021, the ministry has been working closely with Australian officials on improving standards for educational software shared by the two countries.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.