ⓘ This page has been translated using artificial intelligence.
IT security in the staff room
Digital teaching formats arrived virtually overnight – and presented many teachers with major challenges. In the heat of the moment, solutions were sought and found at short notice – but are they secure? On this page, we discuss what teachers can do to improve IT security when preparing lessons and handling confidential data.
Go directly to topic
Share this page
You will find these topics on this page:
- As a teacher, are you aware of your role model status and do you practise IT security yourself?
- Ensure you handle school data securely and store pupil data safely – even when working from home.
- We will show you secure ways to communicate with parents digitally.
- And what do you need to bear in mind as a teacher on social media?
You will find the following topics on this page
Topic
Leading by example in IT security
Teachers are important role models for young people, and if John Hattie and his 2009 study ‘Visible Learning’(opens in new tab) are to be believed, they are even the most important influencing factor for pupils. Children copy the behaviour of adults, especially at a young age. Teachers can therefore also play an important role in setting an example when it comes to IT security.
Set a conscious example and demonstrate IT security in your own behaviour. Here are our 10 tips for greater online security:
10 tips for greater online security.
1. Protect access to devices
Whether it's a computer, laptop, tablet or smartphone, protect your devices with a code or biometric encryption. Lock your devices as soon as you stop using them, even if it's only for a few minutes. This will ensure that your personal data and your students' data remain secure.
2. Perform software updates
Software updates close security gaps. It is therefore essential that you install updates as soon as they are released. Some systems also offer automatic software updates overnight if the settings are configured correctly.
3. Surf safely
When surfing the net, as in many places, common sense is required. Always check whether the website you are visiting is secure and SSL-encrypted – the first indication of this is https:// in the URL. If a site has questionable pop-ups or advertisements, caution is advised.
4. Use official stores
Do you need a specific programme for preparing or following up on lessons? Only purchase or download programmes and apps from trustworthy websites or official providers. Remain vigilant during the download process: does the programme really need all the access it requests?
5. Check your connection
Which network are you currently connected to? School network, home Wi-Fi, hotspot or public network? Always exercise caution when using an unknown or public network. When on the move, it is better to switch to your smartphone's personal hotspot.
6. Store data securely
Exams written, corrected and stored locally on your work laptop. But then the unthinkable happens: your laptop is stolen or you accidentally spill a glass of water over the keyboard. Not only is the device gone, but so is all the data stored locally.
To ensure you don't lose this important information forever, we recommend always creating a backup on the cloud. This allows you to easily restore your data at any time. Again, make sure you choose a trustworthy provider.
Visit Educa Navigator(opens in new tab), the Federal Agency for ICT in Education(opens in new tab), which has tested and evaluated a wide range of applications in the school environment. Although not specifically designed for schools, our mycloud.ch service is secure and stores all data in Switzerland.
7. Use secure passwords
Adhere to the minimum requirements for secure passwords. Create a separate password for each service provider and login, and use a password manager if necessary. We recommend Swisscom blue Security & Service. Avoid writing passwords on Post-it notes at all costs.
Tip: Passphrases are often significantly more secure than passwords.
8. Beware of phishing
Develop a healthy scepticism when you are unexpectedly asked to open a link or document. Phishing emails often look deceptively genuine these days, but they are frequently characterised by urgency, insistent requests or exclusivity. Check the sender carefully and, if in doubt, avoid clicking on any links or attachments.
Report suspicious emails and links to your ICT manager – especially if you have already (accidentally) clicked on them. You can find out how to recognise phishing emails here.
9. Two-factor authentication
Make it difficult for cybercriminals and protect your data twice over – with two-factor authentication. Depending on the login and provider, after entering your access data (username and password), a code is sent by text message or email, or double authentication is carried out in an authenticator app. Learn more about 2FA.(opens in new tab)
10. Report attacks
Have you been the victim of a hacker attack? We'll tell you what to do now.
Topic
Data protection: Secure handling of school data
In schools, personal data about pupils (and also teachers) is collected every day, and in most cases this data is now stored digitally: school reports, confidential information about health issues or special educational measures. What is the correct way to handle such sensitive data in schools?
The legal basis for the protection of this sensitive data is provided by the Swiss Federal Constitution:
‘Every person has the right to protection from misuse of their personal data.’
The Federal Data Protection Act, which came into force on 1 September 2023, applies primarily to federal authorities and private individuals (and companies). However, this law does not apply to schools as cantonal or municipal bodies: instead, the legal basis of the canton applies. The specialist agency for ICT in education(opens in new tab), educa, has compiled these cantonal provisions(opens in new tab).
According to these provisions, schools are obliged to conscientiously protect all personal data collected at school (as well as in home offices or during home schooling). But how?
Lock screen
If you are working on your laptop and get up briefly to fetch something or go to the toilet, always lock your computer with a password. Never leave your devices unprotected – especially in a public space.
Tip: Switch on the automatic screen lock after just one minute of inactivity.
Privacy protection in public spaces
If you use your device in public places (e.g. in a restaurant or hotel), make sure you are not being watched and do not use unknown, publicly accessible Wi-Fi. It is safer to use a private hotspot with your smartphone or a VPN(opens in new tab).
No dual use
Separate private and business use and storage on your device as much as possible, and be careful when installing software to avoid potentially harmful malware. Once it has found its way onto your device, it is only a short step to the school network.
Careful handling of personal data
Handle personal data such as names, addresses, grades, class affiliations, etc. conscientiously and with the necessary care. This applies not only to digital spreadsheets, but also to printouts on your desk. Pass on this awareness to your pupils, e.g. when purchasing a service in an online shop or similar.
Destroy data upon withdrawal of consent
If parents or pupils insist that they want to delete personal data about themselves (e.g. photos from school trips), you are obliged to comply with this request. Make sure that you destroy this confidential data in accordance with data protection regulations and irrevocably (including from the recycle bin and any backups).
Comply with deletion periods
If deletion periods apply to certain orders or tests on your part, please ensure that you comply with them. Delete this personal data conscientiously and in accordance with data protection regulations.
educa dossier: Data protection-compliant schools
In close cooperation with school administrators, ICT managers and the Association of Cantonal Data Protection Officers (privatim), educa has compiled a comprehensive dossier on the topic of ‘Data protection-compliant schools’.
Topic
How and where can I securely store student data?
The vast amount of digital data generated by digitisation on a typical school day is almost impossible to comprehend. But how do you, as a teacher, handle this data responsibly and where do you store it?
As a general rule, follow your school's data protection guidelines and ask your IT managers about your options, such as usable data storage, platforms and applications.
We recommend that schools set clear guidelines and centrally define the tested and approved storage locations, platforms and applications to make it easier for teachers to choose. This also allows the potential risks to be assessed centrally.
Regardless of this, the following options are available to you for data backup:
Cloud solutions with password protection
Storing pupil data in the cloud not only has the advantage of making it available anytime, anywhere, but in most cases the provider also creates a fail-safe backup copy. Ideally, the cloud should be protected with a password and two-factor authentication.
It is advisable for schools to evaluate and implement a suitable storage solution. This has the following advantages:
- Thorough analysis of the provider (including security aspects) and the cloud solution
- Simplified exchange of data between teachers
- Consistent development of skills among the teaching staff
Trustworthy data carriers
If you store data such as exams or grade overviews on a USB stick, for example, you run the risk of the USB stick being lost or stolen. We advise against transporting or editing data using a USB stick. In addition, malware can be “transferred” via a USB stick and thus enter the school network.
Secure storage of data carriers
Ensure that you always handle data carriers containing sensitive data with the necessary care and do not leave them unattended on the table. Data carriers should also be stored safely away from external influences to prevent damage and loss of data.
Overview of cloud solutions
| Name | Free capacity | Pricing models | Data storage | Data encrypted? |
|---|---|---|---|---|
| Swisscom myCloud | 10 GB | 10 GB | free 100 GB | 1.90 CHF/month 250 GB | 3.90 CHF/month 2 TB | 9.90 CHF/month |
Switzerland | Yes |
| Microsoft OneDrive | 5 GB | 5 GB | free 100 GB | Microsoft 365 Basic: 1.95 CHF/month(privat) 1 TB | Microsoft 365 Single: 6.95 CHF/month(privat) 1 TB pro Nutzer*in | Microsoft 365 Business Basic: 5.40 CHF/month per user (business) |
USA, EU, specific regions, including Switzerland | Yes |
| iCloud Drive | 5 GB | 5 GB |free 50 GB | 1 CHF 200 GB | 3 CHF 2 TB | 10 CHF 6 TB | 30 CHF 12 TB | 60 CHF |
USA, EU, specific regions | Yes |
| Google Drive | 15 GB | 15 GB |free 100 GB | Basic: 2 CHF/month 2 TB | Premium: 10 CHF/month 2 TB | AI Premium: 17 CHF/month |
USA, EU, specific regions | Yes |
| Dropbox | 2 GB | 2 GB | Basic: free 2 TB | Plus: 11,99 CHF/month 15 TB | Essentials: 18 CHF/month |
USA | Yes |
Prices are a selection as of August 2024.
Topic
Homeschooling and working from home – but safely
With the lockdown resulting from the coronavirus pandemic, many schools were suddenly faced with the requirement to enable home schooling. Solutions had to be found overnight. These ‘temporary measures’ are still in use today. But are they secure enough?
To protect the information of your pupils and yourself as teachers beyond the device, please note the following points:
Store data in encrypted form
Always save data such as Excel lists outside the school network in encrypted form. Here's how.(opens in new tab)
Protect devices
- Make sure you install all available security updates for your software regularly and promptly – ideally, this should happen automatically.
- Activate the firewall built into your operating system. Ask your IT department for more information and find out what built-in hardware or software firewalls are available at your school. Schools that benefit from ‘Schools on the Internet’ usually also use Swisscom's professionally managed firewall service. However, this service is integrated into the education network that we provide to the cantons and does not protect your computer when you are online on another network at home or on the move.
- Use a virus protection programme and perform regular system checks.
- Further information can be found here(opens in new tab).
Check security settings
If you are working on your personal device, adjust the necessary security settings. Your IT department will be happy to assist you if you have any questions.
Use a password manager
To ensure that you and your pupils have all the necessary passwords securely available digitally when working from home or during home schooling, use a password manager. Sending passwords on a Post-it note or via class chat is a no-go.
Secure home network or VPN
- When connecting your device to your home network, check that this device is not visible to others on the network and ensure that the file sharing option is turned off.
- Protect your home Wi-Fi with a strong password.
- Also keep your router's software (known as firmware) up to date.
- If necessary, use a VPN to route all traffic through the school network. The Swisscom ‘Schools on the Internet’ offer includes a highly secure firewall and VPN access.
Topic
Communicating digitally with parents
Since communication with parents often involves sensitive personal data, it is important to conduct this communication only via secure channels. Which channels are suitable for this purpose and which are not?
We have compiled the most important communication channels and weighed them against each other in terms of security.
Telephone
When making a telephone call in Switzerland, you can generally assume that data security is guaranteed. However, it is not always possible to determine the identity of the other party with certainty and thus ensure that they are authorised to receive confidential information.
In many schools, email has replaced letter-based communication. Although emails are efficient, they offer little or no data security for confidential information.
However, the email or newsletter format is an efficient way to share general school information, such as term news or event announcements, with parents and guardians.
When sending circular emails, be sure to either use a professional newsletter application or send the various email addresses in blind carbon copy (Bcc) (and not in carbon copy (Cc)!
Messenger services
In many classes today, it is common to use a shared class chat on WhatsApp or similar messaging services. Such a chat can be very useful for communicating with parents.
However, it is advisable to thoroughly check the desired tool in advance with regard to data protection. This is especially important if you want to exchange confidential information in this way. For legal and data protection reasons, Swiss services such as Threema are generally recommended for this purpose. Like WhatsApp, these services use end-to-end encryption, but significantly less data is temporarily stored on the Threema servers(opens in new tab).
For reference: Messaging apps in comparison(opens in new tab)
Modern school administration platforms such as Klapp(opens in new tab) or escola(opens in new tab) even offer an integrated communication channel with pupils and parents or guardians. This means that the information remains in the protected area of the platform.
Data storage
Sometimes it may be necessary to allow third parties access to certain data storage. For example, parents and guardians can access class photos from the ski camp.
In this case, it is important to remind parents of the necessary care and responsibility with which they must treat the sensitive data stored there. As a teacher or administrator, you can also restrict the type of access depending on the service and, for example, block the downloading of data.
To ensure that only authorised persons can view confidential information, you can also create separate storage locations and access rights for each authorised person and/or party: e.g. only make the photos of their own children available to parents.
This is important
- Protect your students' data – especially in public spaces or when working from home.
- Use secure passwords and 2FA and set an example for your students when it comes to IT security.
- When communicating with parents, use secure communication channels such as Threema or internal school platforms.
- Learn more about cyber security and gain confidence in dealing with phishing and cybercrime.
Useful links
Further content
We have compiled further information and content on the topic of ‘IT in the staff room’ here.
Useful links
Other interesting topics
Ask Michael
Michael In Albon is Swisscom's Youth Media Protection Officer. He is available to answer any questions you may have about IT in the staff room.
Michael In Albon
Youth Media Protection Officer,
Head of Schulen ans Internet (SAI)