A lot has happened and a lot is yet to happen…
WINDOWS UPDATE
Most school computers were updated to Windows 10 1709 during the break. Major upgrades don’t feel as different as they used to when the name was changing (Windows XP, 7, 8…) but they still bring major changes at times. This is not the latest version you can get (Windows 10 1803) but this is to be expected as major updates go through a testing process before they are released to us.
Single Sign-On
Every time you type your password, you are at risk (Watch the video on the right). In the school, getting your password hacked can be as easy as having a student watch while you type your password. To reduce the frequency within the school, we have just launch “single sign-on”. It is now configured and should work as intended on Internet Explorer and Chrome (windows 1709 is compulsory). This will allow you to authenticate seamlessly in Office 365 (outlook, onedrive…) or Office 2016 (and simplify the configuration process of Office 2016). Outside school, you will still be asked for credentials.
GDPR and Emails
On the 25th of May, the General Data Protection Regulation (GDPR) launched. The GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union. If you wonder, we will still have to comply with it after we leave the EU.
GDPR affects every levels of the school and will completely change the way we deal with data. You will hear more about this when our Data Protection Officer, Judicium (https://www.judiciumeducation.co.uk/) comes to talk to us.
In the meantime, we are implementing some policies in Office 365 to help you be compliant with GDPR. I will just mention two today: sensitivity and encryption.
As you can see in the image above, a new toolbar is showing in Outlook 2016 (under the ribbon) where you can set the sensitivity of internal emails. If you hover the mouse over “Confidential” or “confidential view only” a brief description appears. Click on one of these button to make your document more secure. For example, “confidential view only” can not be edited (in a reply/forward), printed, shared, the “print screen” button or “snipping tool” won’t work… it won’t stop someone taking a picture of the monitor screen with a camera though but it will prevent accidental sharing.
Note: If you are curious by nature, you will also notice the “assign policy” button that includes a “Safeguarding” policy. You are not expected to use this just yet but this will allow you to set retention period (8 years in this case) after which the email/file will be erased. Additional categories will soon appear and retention periods will be decided by management but more on this later…
Automatic Encryption of Emails
We are implementing many changes in the background, some visible and some less so. One of them is a “U.K. PII” (Personally identifiable information) rule that applies to email sent outside the school (we also have one for E.U. PII).
If the message contains any of these sensitive information types: ‘U.K. Driver’s License Number’ or ‘U.K. Electoral Roll Number’ or ‘U.S. / U.K. Passport Number’ or ‘U.K. National Insurance Number (NINO)’ or ‘U.K. National Health Service Number’… it will be encrypted.
See the example on the right
One more thing…
Like I mentioned, there will be a lot more changes in the coming months.
But for now I will leave you with a picture that I took in Canterbury.
This little book, as well-designed and as appealing as it might seem, should not exist. Why? The general rule of thumb is… never write down your passwords.
GDPR breaches can occur with hacking (https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/05/the-university-of-greenwich-fined-120-000-by-information-commissioner-for-serious-security-breach/), often with USB sticks (https://www.bbc.co.uk/news/uk-england-kent-44371759), but do not underestimate paper…