A school nearby no longer purchases laptops for teachers - this trend started at a time when home PCs were fewer and further between after all - and instead each classroom has a desktop and home access to data is via VPN and Terminal Server, so in theory no data leaves the site. Staff work on lessons at home and bring them on memory sticks.
Are you saying that the way banks, businesses, universities etc. using VPN to access a server is not bulletproof, or have I misunderstood? You get the staff to sign a policy that says they will only work on network drives and not save work to the desktop etc. They then connect to the server using 2 form authentication + encryption.
Quote:
That's not really a bulletproof solution, and wouldn't be a credible workaround to the ICO, as you are not enforcing a policy of no mobile data unless it is encrypted.
Why would the ICO have an issue with this?
:thumb: got it.
As it happens, our LA doesn't allow VPN access from home, which leads most teachers down the line to the hard drive / USB storage solution as it's quick and easy.
I appreciate the need for data to be encrypted when it's off-site to minimise risk. But also I'm looking at the fact this has been recommended by an audit at one school but nothing's been mentioned in the audits of the other three who do exactly the same thing! Is it a case of encryption is best practice or mandatory or just "nice to have" in your professional opinions? Are there any standards or minimum requirements stated anywhere that I can quote for the need to do this?
Our LA once told our schools they were required by law to use Sims Gateway. Pinch of salt with anything LA says.
Quote:
As it happens, our LA doesn't allow VPN access from home
You will probably find they control the ports or some other part of the IT system and like to keep things standardised as it is easier for them to manage, but at the end of the day it is up to the school to run itself.
I cannot tell you how much simpler and better our systems have been since installing RDS (remote desktop services) for the staff to access from home. Why would the LA want to stop you doing this?
Encryption of data that is leaving your system I would say is definitely classified as "best practice". My point of view is, if one of my staff takes a laptop offsite, with sensitive information on it, leaves it in the back of their car and it is stolen... How long before that data either ends up in the wrong hands or in the public domain? It is your responsibility as a network administrator to ensure safe and secure storage of data. If you hold student/parent contact information in your MIS, and that is portable, it must be protected, surely?
This is just my opinion; I'm not sure about what each LA or the law requires.
It is too easy to reset the user/password registry hive in Windows 7 with UBCD, for example, and gain complete control of the device and the data it holds; encryption prevents that.