Remote Working Advice for Schools and MATs (COVID-19)


Step 1 - Define a clear remote working policy

It's now more important than ever to make it clear to staff what they can and can't do when working from home.

Are staff allowed to use their own devices?
Also known as Bring Your Own Device (BYOD). If staff don't have work-issued devices they can use to work remotely, will the school allow staff to use their own personal devices? Work-issued devices should always be used where possible as they're more likely to have security controls in place. As these devices already have the school's software on, they also reduce the likelihood that staff will use software not already approved.

If personal devices will be used by staff, here are some steps they can take to reduce risks:

i) Check that anti-virus software is installed and up-to-date

ii) Check that the operating system (Windows or Mac) is up-to-date

iii) Ensure that the device has a strong password, passcode or PIN

iv) Check that the device has a firewall enabled

v) Check that the device's storage is encrypted

We've developed a School Remote Working Staff Self-Checklist Pack to help schools with this. Available at the moment at no cost.

Step 2 - Determine appropriate communications channels

Staff that work remotely don't have the opportunity to have discussions verbally, in-person. They have no physical staffroom, yet there are inevitably still sensitive conversations that will need to take place with varying levels of confidentiality. 

It's common for staff to find creative ways of doing their job using new technologies; often ones used personally. These technologies can be ill-suited for work purposes and can present cyber security and data protection risks.

By determining which technology will be used for each type of communication, schools can avoid sensitive data being placed on inappropriate platforms.

For example, a school using Microsoft Office 365 suite may determine:

School provided Microsoft Outlook is used for email
(strictly confidential messages sent using encrypted email)
School provided Microsoft Teams is used for meeting, video meetings & chat
School provided Onedrive and Sharepoint is used for file sharing

It would be unacceptable in this case for staff to use personal email accounts and personally-owned file sharing accounts such as Dropbox.

Step 3 - Brief staff on new threats and risks

Crises create opportunities for cybercriminals to exploit vulnerabilities in human nature and processes that haven't been carefully considered or practiced.

Covid-19 is no different. There have already been numerous malicious campaigns from criminals to exploit this situation, reported on by the BBC:

Was this article helpful?
3 out of 3 found this helpful