21st July 2024 Leadership & Management All Posts

D is for Data Security

As the world continues its shift towards becoming increasingly digital, it’s never been more vital for all early years childcare providers to have steps in place that help protect devices and systems – and, ultimately, their data.

This isn’t only vital for safeguarding personal, confidential, and sensitive information – whether about staff, children, their families, or the organisation – against online criminals, but accidental damage and loss too. 

It’s only in recent years that childcare providers received guidance from the Government’s National Cyber Security Centre (NCSC) and were warned about the threat of cyber-attacks – including calls for a more secure approach to sharing information.

Here are some actions early years settings and their IT teams can take to help keep their data safe:

When you first receive a firewall, switch or device reset the default password

Use strong passwords for each login using 3 random words (eg Hippo!PizzaRocket1) and store them safely. And where possible, use two-factor authentication, biometric logins or a password generator.  Updated guidance from the Government’s National Cyber Security Centre (NCSC) on passwords.

Have individual logins for each authorised person and account – do not share accounts even if asked.

Ensure that any devices,  applications and browsers used to access child data are running the latest version of a supported operating system and kept up to date, in order to benefit from the most robust levels of security.

Lock screens when away from devices so that child data cannot be accessed inappropriately, where possible enable timeouts to lock the screen automatically.

Store paper records and electronic devices in a locked cupboard overnight to help prevent theft.

Use a screen filter or position the monitor away from windows and doors, to ensure screens cannot be seen by passers-by.

Utilise individual permissions settings to make sure that data is shared only with authorised staff.

Ensure up-to-date antivirus software and definitions are installed on all devices.

Use trusted software from leading providers to benefit from the highest levels of protection, while minimising unnecessary paper trails which put important data at risk.

Ensure all internet devices have firewalls enabled or a centralised firewall to prevent unauthorised access to the internal network with annual reviews of the settings with a business case for each allowed site.

However, if using paper trails, then make sure all data is disposed of securely using a shredder or trusted waste paper management company.

‘Phishing’ is when criminals use scam emails, text messages or phone calls to trick their victims. The aim is often to make you visit a website, which may download a virus onto your computer, or steal bank details or other personal information. Introduce security awareness training so your employees can recognise a phishing attack and report them to the NCSC

Disable auto-run features to prevent downloaded software from running automatically to prevent a virus infection.

Remove all pre installed and unused software from devices if it is not required.

Remove Unrequired User Accounts to prevent unauthorised access.

Finally, create a human firewall by giving all staff security induction training and provide annual refresher courses.

The ABC of Nursery Management
- FREE Download

Building on the success of our 2022 guide, this new edition includes contributions from both familiar faces and new voices in the field. The guide is packed with practical tips tailored for nursery managers, aimed at empowering and supporting them in their crucial role.
Share this article
About the Author

Greg Reed is the Head of Operations at Connect Childcare, overseeing Infrastructure, Security, and Compliance. With over eight years of IT management and security experience, he has a proven track record of implementing operational excellence and ensuring compliance with GDPR, ISO27001, and ISO9001 standards.