10th August 2022 Expert Advice All Posts

Data Safety in the Early Years: 10-Step Security Baseline Checklist

In a world of increasing cyber threats – in quantity, complexity, and variety – the role of IT security is more important than ever.

Our security team recently spoke to NMT, sharing a simple checklist that childcare providers and their IT teams can implement or audit against, which can help keep security incidents or data breaches to a minimum.

If you missed the original write-up in the July/August magazine, you can catch up here…

Cyber Security in the Early Years

As the world shifts to becoming increasingly digital, it’s never been more vital for all businesses within the early years sector and beyond to have steps in place that help protect devices and systems.

This isn’t only vital for safeguarding personal, confidential, and sensitive information – whether about staff, children, their families, or the organisation – against online criminals, but accidental damage and loss too. 

It was only last year that nurseries and childminders received guidance from the Government’s National Cyber Security Centre (NCSC) and were warned about the threat of cyber-attacks – including calls for a more secure approach to sharing information.

And here are some baseline security tips all childcare settings should be implementing when it comes to data safety best practice…

Store your systems and data in a physically secure area

If you’re using hardware such as laptops, PCs, tablets, USBs, or even server infrastructure, ensure you’re keeping these in a secure location. For instance, your IT room should feature locks and strong doors, and there should be a clear list of authorised staff members who have access to it. In addition, laptops and PCs can be physically secured using devices such as Kensington locks.

Ensure all endpoints and servers that deal with data have antivirus protection

Antivirus software is usually the last line of defence for your asset against malware/viruses, so be sure that you’re using one. Although they’re not 100% foolproof, they can prevent the more common threats from entering your systems. There is a number of reputable software options available – both paid and free – that will work depending on your setting’s individual needs. 

Track and account for all assets

One of the biggest reasons data breaches occur is due to untracked devices with personal data stored on them. Therefore, it’s essential that your business tracks these assets, and if they’re lost/stolen, they are reported as soon as possible. Swift action means that remedial actions can be completed as efficiently as possible.

Implement a clear policy on usage of removable media

Following on from the previous point, one way you can completely avoid this is to forbid any storing of data on removable media such as USBs. Also, you may want to consider employing a policy on what data can be saved on a laptop/PC hard drive – for example, no personal details allowed.

Have a patching policy in place for all servers, tablets, systems, and endpoints

Some of the common attacks used by cyber criminals are via unpatched systems and devices. Patches usually contain fixes to security vulnerabilities that may be used by hackers. Therefore, it may be worth scheduling a ‘patching day’ with your IT team, where you bring systems down for a set time to update software or the operating systems.

Employ an encryption policy for all systems

If you require personal data to be stored in a physical location – such as on laptops or servers – it may be worth encrypting the data held within, to prevent unauthorised disclosure or modification. For instance, if a laptop with personal information went missing and the hard drive was encrypted, criminals will be unable to access the data without the encryption key.

Put firewalls on key assets

Firewalls can come either software or hardware-based, but they essentially function the same way. They control network access to devices or servers with a configured set of rules – they are key components when securing any system. If you don’t employ any firewalls, strongly consider using one and ensure you’re consistently reviewing the rules on it. Speak to your IT team if you’re unsure about this, too.

Put security incident management/data breach management in place

Security incidents and data breaches are unfortunate occurrences but if managed properly, can provide essential information. Not only are they key requirements in data protection legislation, but they can also help pinpoint gaps where security may be weak and system vulnerabilities need remedying.

Provide adequate security and data training for staff

The biggest weakness in any system is always human error, whether that be as a result of misconfiguration of systems, or a colleague being duped by a phishing email. In truth, the training of your workforce can reduce security incidents/data breaches dramatically. From official certifications to free online resources, there are many tools at your disposal.

Implement policies around account/password management

All accounts, especially those with access to child data, should be assigned to a single user only. This is so that any actions completed by an account are tracked to a single user. If the account is being shared between people, it becomes difficult to track who is changing what. On a related note, ensure you’re constantly reviewing which accounts are being used and if a staff member leaves your business, it’s crucial to remove or disable their account.

Also, when it comes to passwords, you can set up two-factor authentication, which works by applying a second layer of security to your accounts. This credential could be a one-time passcode sent to your mobile phone or an app, or a biometric verification, such as a fingerprint scan.

In essence, data security is, and forever will be, an incredibly important topic within the early years sector, and these 10 steps can go some way in helping settings to keep their data and systems safe. However, childcare providers should also consider implementing further security actions – such as certifications and external auditing – as they can help to fine-tune and protect your IT infrastructure.

Find out more on keeping data security front of mind in the nursery sector here. We tasked our Head of infrastructure & security , Greg Reed, to tell us about keeping data security front of mind in the nursery sector. Here’s what he had to say… Read the Full Article

Need help managing the data in your nursery? Contact a member of our team today.

Share this article
About the Author

Imogen is our Content and Social Media creative