Connect with us

Education

The Importance of Trusted Providers in the Education Sector

  • Matt Lorentzen, Principal Consultant at Cyberis

Over the last two years, the Education sector has been subjected to a barrage of attacks that have directly impacted schools’ ability to support learning. The main reason for these attacks appears to be that schools are considered “soft” targets. It is true that cyber security deployment in school environments vary dramatically. This result is often a combination of a lack of budget assignment, capacity to manage and gaps in internal skills for technical staff. Whatever the reasons, attackers are frequently seizing the opportunity to infect, disrupt and hold to ransom education establishments for reasons as old as time. Money.
During the pandemic, the shift to remote learning through cloud providers has seen fast-paced adoption rates with projects swiftly deployed to try and maintain some level of consistency within education. Teachers needed tools that they could use to teach, and students needed a way to receive that learning remotely. Many schools were forced to adopt deployment processes with little planning, and this inevitably allows gaps to creep in.

Emerging Market

There are several high-profile cases of schools being held to ransomware attacks, such as the Harris Federation, a multi-academy trust which fell victim to a ransomware attack that left 37,000 students unable to access their email. With attacks rising, the state of cyber security has become an important topic for heads and governing bodies. The latest academy handbook outlines that schools “must” now understand (https://www.gov.uk/guidance/academy-trust-handbook) the state of their networks. Cyber security is now firmly the responsibility of the school and the trusts that support them.

This creates an inevitable outcome. Schools need help. It is not feasible to expect schools to have a detailed understanding of all the facets within the cyber security industry. There is no doubt that network managers up and down the country are demonstrating an interest, focus and an understanding about the field, but even well-defined networks implementing baseline security controls benefit from an external perspective.

There are some schemes now available that allow schools to baseline common security controls (Cyber Essentials) and whilst these schemes are valuable tools in the management of cyber security, they do not provide the complete picture. Quite rightly, baseline compliance schemes start with the implementation of basic technical controls – such as routers and firewalls on the perimeter, backup processes and the correct use of passwords in the establishment. However, a baseline compliance scheme cannot determine the attack surface available, and can’t give any insight into what attacker could actually do.

The need for schools to seek help with understanding these challenges is creating an emerging market for security assurance services in the education sector. Cyber security testing has been a measurable approach to understanding risks in other sectors (Commercial, Government, Military) for decades and these approaches are now relevant to the education sector. The modern school network is not that different in terms of setup and requirements to that of a commercial business.

Penetration Testing

The only effective way to demonstrate attack chains is to exercise them. If a school wants to understand its exposure, then it needs to be subjected to controlled attacks to determine what the likelihood of success will be. The outcomes of these tests then allow these gaps to be addressed. Even if attacks are not successful, it is still useful to determine whether a school can see these attacks occurring. An attacker is persistent. Penetration testing demonstrates the impact of attack. It can also highlight how effective the controls around data are at preventing unauthorised attacks. GDPR regulation forced schools to consider the way that they handle sensitive information and the ramifications for data breaches are severe.

Lack of Governance

To deliver testing into the sectors mentioned earlier, providers will have to undergo a rigorous process of certification and adherence to standards. For example, the CHECK scheme ratified through the National Cyber Security Centre requires companies to meet criteria to test government environments. There are similar requirements for financial services, for example CBEST overseen by the Bank of England. These schemes also require that companies have personnel that have attained certifications in delivering these types of attacks. The benchmarks for these certifications are set high and expect the individual to have deep technical knowledge about penetration testing and cyber security to pass.

Currently, there is no governance in the education market when it comes to cyber security assurance. Schools are and will continue to be contacted about services that can help them, but there is no current standard required to perform testing any individual or company can deliver this. The danger is that this leads to false outcomes. Schools should consider the following points:
• How can a provider safely demonstrate the risk whilst minimising disruption?
• What background does the provider have in cyber assurance services?
• How will the provider handle any data accessed through testing or compromise?
• Does the provider have processes that can securely delete data after delivery?
• How will your school be supported in communicating the results to school leadership?

All these points should be considered when seeking assurance about the security posture of your school. As there are no current governance processes in place for providers, the responsibility is with the school to understand the risks and the ramifications.


Summary


Schools are now a viable target of attack as they shift to cloud approaches and broaden access to the students and staff. The consequences of a cyber-attack can be severe but the responsibility for understanding this relies on the school and the trust. Specialists in the field can support schools as they quantify the risk and use assurance services to practically demonstrate the gaps. These are effective tools as part of a security programme and this emerging market within education is welcomed. However, a lack of governance in the sector could leave schools at greater risk if providers cannot effectively demonstrate how these services can safely be delivered and what standards and ratification processes a provider has met to be recognised as an expert in the field. If these standards have not been achieved, then what assurance can a provider show that highlights the ability to demonstrate effective attack chains and put the findings of a penetration test into context. The goal of an experienced assurance provider should be to test current boundaries, determine how effective these controls are, communicate what can be done to improve them and provide digestible, prioritised information and advice to leadership teams.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Business

How AI virtual assistants are transforming education and training

By Gregor Hofer, CEO and Co-founder at Rapport

What separates good doctors from excellent doctors, the type that might get five-star reviews if, like an Uber driver, their services were supported by a smartphone app?

Medical knowledge, expertise, and better outcomes are, of course, the most important factors. But – particularly when dealing with patients’ relatives, discussing risk assessment and imparting bad news – we shouldn’t underestimate the importance of bedside manner.

This might come naturally to some doctors but there are none for whom training isn’t useful, whether at medical school or on the job.

There will always be a place for real human interaction in this training, the type that involves role-play, with actors or colleagues playing out different scenarios that explore the most effective ways to handle difficult situations.

But what if this could be supplemented by more readily available and less resource-intensive experiences that simulate these training environments? And what if it could be applied across numerous sectors, industries and professions, of which there are a great many that could benefit from such an opportunity?

What might that mean for those instigating tricky conversations and, perhaps more importantly, those at the receiving end of them?

Advances in generative artificial intelligence – or GenAI – mean that these are no longer hypothetical questions.

There’s no limit to the type of person this technology could help, but we’ll review three – doctors, those working in corporate HR, and online students – to give a flavour of the benefits it brings.

Before we do, a quick word on how such applications work.

An overview of the technology

It all starts with data. With access to enough content, the type that you store and curate on your internal systems, large language models (LLMs) can be trained to find the most appropriate response to whatever user input they’re exposed to, whether in writing or spoken, and then you as a user can respond to that response, and so the cycle continues.

You’ll have experienced something similar using the likes of CharGPT, but because this is based on your own content, you’re more in control. (For simpler and more prescriptive scenarios, though, I’d add that with the best solutions, you can alternatively import predefined branching dialogue to keep your conversations on track.)

It doesn’t stop there, though; by tapping into a solution that’s supported by experts in linguistics and computer-aided animation, your colleagues can interact in real-time with avatars equipped with believable facial expressions, accurate lip-synching capabilities, natural gestures and the ability to detect emotions.

All of this adds to the user’s willing suspension of disbelief that they’re interacting with a real person, or AI avatar, thereby enhancing the effectiveness of their learning.

These innovations are reshaping how we approach learning and skill development in so many critical fields. We said we’d look at three. We’ll start by returning to medicine.

Medical training

AI assistants can supplement the way doctors are taught to break bad news to patients, one of the hardest things they’ll face in practice and, given its subjectivity, something that can’t easily be looked up in a textbook on anatomy or physiology.

As we said from the outset, this is easier for some doctors than others, but given the literal life-and-death nature of such conversations and the shattering impact that the death of a loved one can have on a relative, there’s always room to improve medics’ empathy and communication skills – which is exactly what this technology delivers.

By utilizing experiential AI tools, clinicians can better use their time, alleviate pressure, fatigue and burnout symptoms, and ultimately allow them to better serve their patients.

Corporate HR

In corporate HR, virtual assistants can significantly streamline and enhance the hiring and firing process, as well as any difficult conversation; whether it’s a tough review, a disciplinary hearing, letting down an employee about a promotion they’d applied for or any other scenario that might bring a bead of sweat to your forehead, it’s all about providing safe and cost-effective practice before doing it for real.

Tech research consulting firm Gartner recently found that more than three-quarters (76%) of HR leaders believe that if their organisation doesn’t adopt and implement AI solutions, such as generative AI, in the next 12 to 24 months, they’ll lag in organizational success compared to those that do, while 34% of HR leaders participating in their January benchmarking session said they were exploring potential use cases and opportunities when it came to generative AI.

If they do manage to adopt the right technology, the impact will be massive among those who deploy it wisely. After all, which company wouldn’t want to upskill its HR professionals in tangible soft skills such as empathy, communication, problem-solving, and conflict resolution in a controlled setting?

Online education

AI-powered tools can hugely boost student engagement in remote learning environments, and the research suggests that it comes close to rivalling in-person experiences. When you consider the staff-to-student ratios common in most educational settings, this should be no surprise – think how many students can fit into a lecture hall (even if they don’t always turn up!).

But we’re not necessarily talking about formal education; this applies equally to any informal setting in which someone needs to improve their education in some way.

With this technology, you can invent new ways to educate your students – or staff – by transforming lessons into experiences, using interactive characters reflective of the subject. This means you can increase user satisfaction and performance without compromising on content.

Whatever the scenario and whatever the use case, the chances are that if you have the right content in sufficient quantities, you can tap it for interactions that would otherwise be lacking in uniqueness or prohibitively expensive.

With AI virtual assistants, everyone’s a winner.

Continue Reading

Business

Dealing with Parental Leave: How Your Business Can Support Employees with Families

Looking after your staff is a fundamental part of running a successful business, ensuring staff turnover remains low and workers remain happily motivated. Workers now have more agency than ever when it comes to choosing their employer, in part thanks to the rise in remote working which means workers are no longer limited to looking for roles within their local area.

39% of UK workers now work at home within a given week and workers are beginning to demand more in terms of employee benefits, especially when it comes to welfare.

One of the areas where employees may focus is “family-friendly” working and benefits. But what does the law say about these contractual offerings? And how can your business benefit from having a comprehensive “family-friendly” benefits package? We spoke to the employment law specialists at Beecham Peacock to discover how your business can become more caring.

What does the law say about parental leave?

In the UK, women are able to take up to 52 weeks of maternity leave. The first 26 weeks of leave, which includes two weeks of compulsory leave (four weeks for factory workers), are known as ordinary maternity leave, while the final 26 weeks are known as additional maternity leave.

During maternity leave, a woman’s rights to pay rises, accrued holiday, and returning to work are protected by the law.

Eligible mothers-to-be are entitled to be paid statutory maternity pay for 39 weeks. This will depend on whether or not they satisfy service and earnings criteria. Otherwise, they may not be able to claim maternity allowance.

Statutory maternity pay equates to six weeks paid at a rate of 90% of average weekly earnings (before tax). For the remaining 33 weeks, the current rate of payment is £172.48 or 90% of their average weekly earnings – whichever is lower. This rate is reviewed annually.  

There has been much discussion about the mandatory amount of maternity pay and whether it does enough to support women in the workplace – a recent study found statutory maternity pay is just 47% of the national living wage. To attract and retain women, businesses may wish to consider offering enhanced maternity pay and benefits packages.

For partners, leave entitlements are different. Statutory paternity and adoption leave entitles fathers/partners to take one or two weeks of paid paternity leave, paid at a rate of £172.48 or 90% of their average weekly earnings – whichever is lower. This rate is also reviewed annually.

When this leave is taken differs depending on whether paternity or adoption leave is being taken. Again, your business may wish to consider enhanced leave and pay packages.

For eligible parents, another option that is increasingly taken up is shared parental leave. Whilst the mother will always have to take two weeks of compulsory leave (four weeks for factory workers), the remaining 50 weeks (or 48 weeks for factory workers) can be taken by either parent.

This gives both parents flexibility and the opportunity to spend time with their child.  Statutory parental leave pay is paid at the same rate as the latter part of statutory maternity or paternity pay, and can be paid for up to 37 weeks to eligible employees. Again, businesses may wish to consider offering enhanced parental leave pay to attract and retain employees.

What are the positives of greater employee benefits for parental leave?

Of course, there are extra costs associated with paying more than the statutory pay requirement. However, offering parental leave options and policies that go above and beyond the minimum requirements can benefit a business just as much as it benefits your employees. Such packages will enable business to attract and retain employees.

How to draft a comprehensive parental leave policy

Lisa Branker, Head of Employment Law at Beecham Peacock, advocates for a comprehensive leave policy that supports all of your employees. She comments:

“Entitlements and eligibility for parental leave, pay and benefits should be clearly contained in your business’ relevant policy. If your goal is to attract and retain your workforce through flexible and/or enhanced benefits packages then this information needs to be clearly set out and accessible. A clear policy makes employees aware of how much leave and pay they are entitled to, helps managers to respond to any queries, and allows your business to plan for and support working parents.”

“Pay and leave aren’t the only considerations – for example, your business may be able to offer a salary sacrifice scheme to make childcare arrangements. Other, non-financial support can also be a huge help for new parents or parents-to-be. Increasing the flexibility of working hours or offering a hybrid working scheme can give your colleagues the support they need to manage the transition into parenthood. These measures will enable you to motivate and retain your workforce, without creating an onerous financial burden.”

Every company is different – and there’s unlikely to be a one-size-fits-all solution. Think about which solution (or combination of solutions) is best-suited to your company before creating or amending a parental leave policy. If you’re considering creating or updating your policy, Beecham Peacock’s free policy reviews are a great starting point to check your offerings meet your business and legal needs.

https://www.beechampeacock.co.uk/employment-law/

Continue Reading

Business

Bridging the Gap: Evaluating Technology Companies’ Efforts in AI Consumer Education

Agata Karkosz, Leader at FPAcademy at Future Processing

AI is becoming increasingly influential across various sectors and industries. And its impact is only expected to grow in the future. In fact, AI adoption has more than doubled since 2017, with businesses making larger investments to scale and fast-track development.

With such rapid advancements taking place, it is important to educate consumers about navigating the complexities of the technology.

The Current Landscape of AI Education

There are several companies actively providing education and training in the field of AI. Google AI has been offering AI and machine learning courses to consumers for a few years now, while lesser-known companies, like Coursera, edX and Fast.ai, have also entered the space.

Nevertheless, these offerings are often catered to people interested in learning and developing skills in the technology, rather than the everyday consumer. In fact, research released last year by leading software development company, Future Processing, found that more than two-thirds of UK consumers aged 50 and above felt technology companies needed to do more to help them understand AI.

Respondents were asked what AI applications and tools they are currently using, with AI voice assistants and customer service chatbots coming out on top. But, because the technology’s capabilities are wide-reaching, companies need to up their game to ensure the average consumer is in the know.

Educational Initiatives: Are They Enough?

Companies must work harder to help consumers of varying levels of technical expertise understand AI. Doing so will help demystify AI and build consumer confidence and trust.

Understanding this need, Google AI offers resources such as the “Machine Learning Crash Course”, a free online course designed to introduce individuals to machine learning concepts. Microsoft, too, has its AI School, an online platform supplying free courses and resources covering various AI topics, while other major firms, including Facebook, Intel, Amazon and NVIDIA, have sparked similar education initiatives.

Still, due to fresh technological advancements and research breakthroughs, as well as increased data availability, open source and collaboration efforts, rapid industry adoption, and greater funding and investment, the challenge for companies comes in maintaining up-to-date and readily available education materials.

The Challenge of Simplifying Complexity

The inherent complexity of AI arises from the interdisciplinary nature of the field, combining elements of computer science, mathematics, statistics, neuroscience, and engineering. AI involves complex algorithms, sophisticated mathematical models, and intricate programming structures that are hard to rationalise.

Balancing the need to simplify AI concepts for broader understanding while retaining the essential information poses a significant communication challenge for businesses. Oversimplifying may lead to misconceptions or a lack of appreciation for the complexities involved while providing too much detail can result in confusion.

Successful communication often involves using relatable metaphors, real-world examples, and interactive experiences to engage consumers and help them grasp the fundamental principles without getting lost in technical intricacies. Effective communication about AI requires collaboration between experts, educators, communicators, and the general public to ensure a more informed and inclusive understanding of this rapidly advancing field.

Transparency and Explainability

Enhancing transparency and explainability in AI systems has become a key focus for technology companies to address concerns related to bias, accountability, and trust. Several efforts have been made to make AI systems more understandable and interpretable. Some common strategies and initiatives include:

Interpretable Models

Many technology companies are working on developing AI models that are inherently more interpretable. This involves using algorithms and architectures that produce results that can be easily explained and understood. For example, decision trees, rule-based systems, and linear models are often more interpretable than complex deep neural networks.

Explainable AI (XAI) Techniques

Explainable AI is a research area focused on developing techniques and tools that help users understand the decisions made by AI models. Techniques such as feature importance analysis, saliency maps, and attention mechanisms aim to highlight the factors influencing the model’s predictions.

Ethical AI Guidelines

Many companies have established ethical AI guidelines and principles prioritising transparency and fairness. These guidelines may include commitments to avoiding biased data, providing clear explanations for decisions, and involving diverse perspectives in the development process.

User-Friendly Interfaces

Technology companies are investing in user-friendly interfaces that allow users to interact with AI systems more intuitively to enhance transparency. Dashboards, visualisations, and plain-language explanations help users understand the model’s behaviour and outputs.

Addressing Challenges and Gaps

AI education faces several challenges that stem from the diverse nature of the field, the varied backgrounds of learners, and the evolving landscape of information dissemination.

The rapid evolution of AI is a primary challenge, but a lack of standardisation, diverse audience backgrounds, and the spread of misinformation have also hampered the public’s ability to understand the technology.

The highest concerns surrounding AI are privacy, transparency and security. This is supported by Future Processing’s research, with respondents aged 50 and above ranking security and data privacy as their highest concerns when using AI, followed closely by misinformation and question misinterpretation.

But, through ongoing collaboration and dialogue, governments can establish standards which foster diversity and inclusivity, provide up-to-date resources, and emphasise practical application to deliver more effective and equitable AI education.

The Role of Ethical Guidelines

With AI frequently coming under the spotlight, technology companies are increasingly recognising the importance of ethical guidelines and policies in AI development and usage.

Many have published official documents outlining their ethical principles and values concerning AI. These documents typically cover commitments to fairness, transparency, accountability, privacy, and avoiding biases in AI systems. For example, Google and Microsoft’s respective AI Principles are publicly available documents that articulate the companies’ ethical commitments.

Learning to Embrace

Continuous efforts in AI consumer education are imperative to navigate the evolving landscape of AI, bridge educational gaps, address ethical considerations, and ensure that individuals are equipped with the knowledge and skills needed in an increasingly AI-driven world. The commitment to transparency, inclusivity, and ethical practices will contribute to building a more informed and responsible AI community, meaning we can embrace all it can bring to the table, rather than dwelling on its shortcomings.

Continue Reading

Copyright © 2021 Futures Parity.