The third-oldest school in the U.K. is working to improve cyber hygiene after an employee lost a memory stick that belonged to the school while on public transport. The school, St. Peter's School in York, is following guidance offered by the U.K.'s privacy watchdog, the Information Commissioner's Office (ICO).
The memory stick contained documents “relating to the governance of the school” and was not password-protected, according to local reports.
The ICO recommendations included compulsory data protection training for employees and other individuals who have access to school data, the introduction of a remote-working policy related to personal information access and storage.
Chris Richter, senior vice president of managed security services at Level 3, told SCMagazine.com that schools are “seen as the soft underbelly by criminals and schools are targeted at an alarming pace.”
He suggested that schools follow best practices and understand what data would be valuable to hackers, such as student ID numbers, home addresses, phone numbers, and medical information on students' files. “That is the kind of information that they need to identify, classify, and isolate,” Richter said, “by restricting access and encrypting it in some cases.”
The ICO also mandated that future incidents should be reported as soon as possible, but said it will not take action against the pre-preparatory school.
