UK: Pupils as a threat to cybersecurity in schools
When data is accessed unlawfully in British schools, it is often pupils who are behind it. The data protection authority warns against this.
(Image: Gorodenkoff/Shutterstock.com)
In the UK, pupils are behind more than half of the cyberattacks on schools carried out by insiders. This is the result of an analysis by the UK Data Protection Authority, which evaluated over 200 incidents between January 2022 and August 2024. In almost a third of the incidents, stolen access data was the cause of a data breach, and 97 percent of these were at the expense of children or young people. The Information Commissioner's Office (ICO) speaks of a worrying trend and adds that negligence on the part of schools is a significant part of the problem. They should therefore strengthen their cybersecurity.
Talk to children about their activities
The authority cites a few examples. For example, three 11-year-olds illegally gained access to a system at their secondary school in which data on more than 1,400 pupils was stored. Afterward, they explained that they were interested in IT and cybersecurity. They had wanted to test their skills and used tools from the internet to crack passwords. In another case, a pupil had used the same access to not only view information in a database on 9,000 employees, applicants and pupils, but also to add to and change it. The case ended up with the police.
Videos by heise
The authority is now calling on schools to "be part of the solution" and do more for data protection and cybersecurity. But parents should also play their part and regularly talk to their children about what they are doing online. What appears to be fun can quickly degenerate into "illegal and harmful activity" with far-reaching consequences. Apparently, this can start earlier than you might think. The British National Crime Agency (NCA) found that one in five children between the ages of 10 and 16 are illegally active online. Just a year ago, a child as young as seven was referred to a program designed to help people with extensive IT skills who have gone astray.
(mho)
