With the term coming to an end, many schools will be saying goodbye to both staff members and students. So it is perhaps timely to think about how you manage the IT accounts of staff leavers.
The majority of the people employed in your school will have some access to the IT systems. Hopefully, they don’t all have the same level of access. But between them, they will likely have access to; school finances, the personal data of pupils and other staff, school email and social media accounts, the video conferencing system, CCTV recording, security keys, passcodes and the wifi. When a member of staff leaves, it is essential that your school follows a robust process for removing access rights.
Staff leavers policy
You should have one! And it should identify who is responsible for deleting staff leavers from IT systems. It may not be down to just one person. For example, your IT manager may control access to the curriculum network, whilst the bursar may act as system admin for your SIMS and payroll software. Perhaps your school has class or year group Twitter accounts, or there may be a school Facebook page. Only the account administrator can deactivate users, so if the account admin has just left, you could have a problem.
Does it matter?
There are many scenarios where staff leavers still maintaining access to IT resources and accounts could be problematic. A staff leaver may have left password credentials on a post-it for their replacement (or whoever goes to their desk first) to find. They may have used the same password for all their accounts, meaning a breach of one account makes all their accounts vulnerable. And, of course, some employees don’t leave on the best of terms. A disgruntled ex-employee doesn’t have to be very tech-savvy to create havoc!
Do you need help or advice?
Contact our service desk if you need help accessing your E2BN Protex web filtering administration system.
See the Eastern Cyber Resilience Centre’s post for more information on staff leavers. It refers to businesses, but the advice is equally applicable to schools and academies.
See the ECRC’s education section for more advice on school cyber security issues.
Find out how Endpoint Protection can reduce your risk of cyberattacks.