Saturday 17 March 2012

Guide to creating a WUP for your school


As the explosion of mobile devices continues unabated, should you be considering a wireless handheld usage policy in your school? 
Take a poll of your staff and students. How many of them carry a smartphone in their pockets or bags? How many are using them, or want to use them, to read or submit school work, email, text with friends, family or colleagues, and even access cloud-based learning applications such as Moodle? Because so many people now use handheld computers to get so much done, schools, colleges, etc. are being forced to consider how they fit into their networks. And that means developing a usage policy for wireless handheld devices that your students can use during the school day and beyond.
The very first element your policy should cover is whether or not you allow staff and/or students to connect to your network with their personal devices. If you want to let them check their workloads, class schedules or perhaps use your cloud-based apps and E-Learning systems on their devices, then you’ll need to figure out the specifics of what data and applications will be allowed on those devices and how they can be used when connected and not connected to your network.
A wireless device usage policy is similar to an acceptable use policy (AUP) for your network. This post can help you write an AUP for your school. It is a guideline, adapted from a series of best-practice articles from across the Internet alongside our own in-house experiences.
Creating a usable wireless device policy
There are a number of questions which need to be considered in a wireless handheld usage policy. Examples: 
Who can use their wireless devices on your network? 
What kind of information is allowed? 
How much control do you retain over personal devices? 
Answers to these questions must be covered in your policy to protect your institution from potential liability, security risks, and becoming noncompliant with mandated data privacy requirements. We've come across a number of questions that, for us and others, seem to form a good basis on which to ground your policy:
1. What types of information can be accessed or stored on personal wireless devices? This really comes down to business-critical and confidential information versus non-critical or even public information. If you’ll allow teachers or school admin staff to access files that are sensitive, then you’ll have to implement stricter controls in accordance with any compliance requirements. Remember, so much important data is sent through email and stored in the cloud or even locally that it’s probably safest to expect that everyone using their smartphone will at some point access sensitive information.
It is very likely students will not be accessing data of a sensitive nature from the school's internal systems. Nevertheless, it is crucial that schools set out a clear framework of what's expected in return for the privilege of BYOD. For example, what sites and services are accessible on campus, and does this differ from off-campus access?
2. Who owns the wireless devices? If your school decides to provide users with smartphones, then you own them and can dictate their use. However, if you allow either staff or students to use their own devices, you can exert less control over them. That said, you can stipulate certain conditions since the devices are connecting via your infrastructure: namely, that users must adhere to the rules you set in your wireless device policy to be allowed to access your network, applications, and data with their personal devices.
3. What security measures must they take on their devices? This may be the most important condition you set. You can require people to set passwords and actively run mobile security software, such as anti-virus and self-destruct applications, on their smartphones and tablets. You can also ask that the devices be checked against these mandated security techniques before users are given the OK to connect to your network. There are a number of systems that can manage the on-boarding of devices on to your network and our team can help explore the options.
4. Can users sync their personal handhelds with your domain registered computers? When you sync a smartphone to a computer, it's easy to transfer private data from one device to the other. This can pose a security risk if someone steals sensitive data and then leaks or gives it away.
For both staff and students, syncing their own devices with school-owned PCs and similar equipment is a path for malware and viruses to come into the network. Because of the nature of schools, users may access multiple systems throughout the course of the day as they move from lesson to lesson. It is possible for malware to very quickly become a major headache for in-house systems and ICT admins, so careful thought should be given before enabling campus-wide systems.
5. Can people share their devices? If some staff have different access rights to school data, you probably do not want them sharing their handhelds with each other. Any need-to-know classifications your school has given certain employees will help structure this part of your policy.
Enforcing policy
When you write your policy, make the conditions and consequences specific, but don’t name particular devices. By keeping the policy generic to “wireless handheld devices,” for instance, you can be sure that your wireless device usage policy will apply to any new technologies that make their way into your campus.
Your school may have other policies already in place that can help support and enforce the wireless device policy, such as an existing network usage policy, an information classification policy, or an anti-bullying policy, but the most critical factor is educating users about the policy. Make sure everyone routinely reviews and understands what conditions must be met for them to connect their personal devices to the network, and the consequences of not meeting the conditions.
Careful planning is key. Talk to as many people as you can to seek advice; there are schools in the UK that have adopted a wireless-based primary network strategy, so the experience and guidance to help you create your own policy is out there. As is always the case, the SWOT team would be very happy to share our thoughts and best-practice designs to assist your plans.
All the best
