Security protocol to help schools keep student photos safe online: SchoolBench
Schools often have policies for taking, storing, and using photographs but sometimes security protocols to keep student photos safe online are incomplete.
For example, Australia’s eSafety Commissioner, has the following guidelines for schools:
Schools should have protocols on the storing of videos and photos which require:
- secure passcodes/passwords for all devices to stop unauthorised access
- use of devices that are owned by the organisation and/or school to take photos and videos
- secure storage of photos and videos (e.g. secure school server) and their deletion from the devices within a reasonable time
Sadly, even with these measures in place, there are still ways for sensitive data about students to “leak” from the images and videos shared online by schools.
Keeping student photos safe online: The firewall
If there’s one thing certain in life, apart from death and taxes, it’s that cloud-based storage systems are targets for hacking.
Writing in The Conversation, Haibin Zhang, Assistant Professor of Computer Science and Electrical Engineering, University of Maryland, Baltimore County, has recently argued that cloud services that offer online indexing of your files, puts your data at risk of being tampered with or stolen.
Commercial cloud storage systems encode each user’s data with a specific encryption key. Without it, the files look like gibberish – rather than meaningful data.
But who has the key? It can be stored either by the service itself, or by individual users. Most services keep the key themselves, letting their systems see and process user data, such as indexing data for future searches. These services also access the key when a user logs in with a password, unlocking the data so the person can use it. This is much more convenient than having users keep the keys themselves.
But it is also less secure: Just like regular keys, if someone else has them, they might be stolen or misused without the data owner knowing.
Given this vulnerability, the SchoolBench web app is designed to be installed “on premise”.
This means the system operates safely behind your school’s firewall, on your servers.
Thus, SchoolBench ensures school IT professionals can monitor the application in a known and trusted environment.
Keeping student photos safe online: Active Directory
As most schools have role based access controls in place through Active Directory, SchoolBench uses this AD first for access, but also through AD groups SchoolBench can control what individuals access and do.According to Microsoft, Best Practice initiatives for “hardening” Active Directory against attacks include:
- Patching applications
- Patching operating systems
- Deploying and promptly updating antivirus and antimalware software across all systems and monitor for attempts to remove or disable it
- Monitoring sensitive Active Directory objects for modification attempts and Windows for events that may indicate attempted compromise
- Protecting and monitoring accounts for users who have access to sensitive data
As a result, SchoolBench has been designed to work with access permissions granted by a school’s Active Directory settings.
In such environments, it means SchoolBench can access the resources it needs while staying robustly within the access parameters it’s been granted.
Keeping student photos safe online: Tailored permissions
A further step towards keeping student photos safe online is the way SchoolBench can limit permissions for teachers and other contributors to relevant areas of access.
In the School Governance article, Online Predators and Cyber Grooming: Does your school know how to respond, Deanne Carson shares the insight children are at risk from known and trusted people, which included teachers.
One in five Australian children will experience some form of sexual abuse before they turn eighteen. In 90% of those cases, the offender will be known to the child; often a family member, close friend or trusted person working or volunteering with children.
While this is a disturbing insight that applies to all organisations, including schools, the SchoolBench developers believe the prudent move of limiting access to media file collections and directories pertinent to a user’s role can mitigate damage if and when a “bad actor” is at work.
An example of limited access to student photos and videos in SchoolBench would be the situation in which a Year 7 teacher only has permission to see images for their class or year.
By instituting access on an “as needs” basis, SchoolBench helps keep student photos safe from staff, unless they have a particular role that requires them accessing specific media files.
Keeping student photos safe online: Hidden metadata
One of the weakest links in the chain, when it comes to keeping student photos safe online, is the metadata that is encoded within each media file.
We’ve previously expanded on this, here: How Facial Recognition Technology makes media files School Ready.
However, further points have been made about just how much personal information is revealed through metadata, in an article by Adelaide University PhD candidate, Richard Matthews, Image forensics: What do your photos and their metadata say about you?
In a photo he took of the bookshelf in his office, his review of the metadata for that image revealed not only which building he works in on Frome Street, Adelaide, but also whereabouts in the building his office is.
To make SchoolBench fast and accurate in its indexing and ability to find images, it uses enhanced metadata, combining the file’s data with cross-referenced datapoints from school sources, like class timetables, usage permissions, etc.
However, as part of the school security protocols in place in SchoolBench, that enhanced metadata is kept in the secure database and not stored in the image.
This means unauthorised people and predators, are unable to download the image and review its metadata like child’s name, year, event, etc.
Keeping student photos safe online: Police checks
In granting just how insidious privacy breaches can be, especially with student photos and videos, Parashift, the company that has created SchoolBench, has added an extra layer of security for schools.
Because Parashift staff work closely with school IT departments in installing, configuring, and setting up SchoolBench on site, all staff are police checked annually.
This final piece in the 5-star security protocol ensures that at all points along the journey through the SchoolBench system, processes are in place to help keep student photos safe online.
To discuss your school’s security concerns in managing student photos and videos, contact SchoolBench for a preliminary discussion and to arrange a demonstration of this robust web app.