CYBER SECURITY
to the exposure of sensitive student and staff information, the loss of hard-earned intellectual property, and massive disruption for education IT teams. Perhaps most damaging is the loss of trust from parents and the community when a ‘safe’ learning environment is compromised. While many UK school leaders rely on Cyber Essentials – the UK government-backed scheme that helps organisations of all sizes protect themselves against common, internet-based cyber-attacks – as their benchmark, it is important to recognise that this is a baseline. Traditional security strategies often focus on protecting laptops, servers, and networks, while connected classroom devices and software receive far less attention. However, today’s vulnerabilities often enter through authentication misconfigurations or third-party software libraries embedded in software. As classroom technology ecosystems, such as panels and tablets, become increasingly connected to wider networks, the importance of ‘secure-by-design’ practices – where security is baked into the product from day one – becomes a non-negotiable requirement for any tech supplier.
Ensuring a secure supply chain One of the most important terms education leaders need to know this year is the SBOM (Software Bill of Materials). An SBOM is essentially a digital ‘list of ingredients’ used in a particular piece of software.
In the tech world, we are seeing a rise in ‘supply chain attacks’. This is where hackers don’t attack your school directly; they attack a piece of software code used by a tech manufacturer. If that manufacturer doesn’t know exactly what is “under the hood” of their product, they can’t protect you.
At Promethean, we believe in ‘secure-by-design principles’ and maintaining transparent update processes, and maintain the security of our Promethean ActivPanel® through a controlled lifecycle, providing the visibility necessary to identify and mitigate risks before they impact the classroom.
Solving the ‘teacher friction’ problem The biggest threat to security isn’t always a hacker; sometimes, it’s nothing more than a misconfiguration. A consistent concern we hear about is teachers logging into their Google or OneDrive accounts on a shared panel and feeling it’s not secure. Considering how busy educators are, any process that is not streamlined will open itself up to gaps – for example, a teacher keeping the device logged on to save time between lessons.
But security should never be a barrier to teaching. This is why we focus on reducing user friction and translating security requirements into day-to-day operational behaviours through ‘secure-by-design’ development practices, controlled updates, responsible disclosure, vulnerability scanning, and clear guidance to customers on secure configuration, including centralised management of platforms – something that is integrated as standard with Promethean’s ActivPanel® – alongside ongoing maintenance.
The ‘legacy OS’ trap
A significant issue for IT admins is the legacy operating system. You may have a panel that
April 2026
www.education-today.co.uk 35
is still under warranty, but if the underlying software version is no longer supported, it stops receiving security patches and is no longer under the full control of the hardware manufacturer. This is a major vulnerability.
A screen that can’t be patched is a permanent hole in your school’s digital security. Patching alone won’t solve every problem, but it is a critical part of a much broader security strategy. When choosing a supplier, school leaders must ask: “How long will this software be supported?” and “Is the security integrated as standard?” At Promethean, we view security as an ongoing commitment rather than a ‘set-and-forget’ activity.
AI: the new frontier
Finally, we cannot ignore the role of Artificial Intelligence. While AI offers incredible opportunities for personalised learning and more efficient product development, in the wrong hands it can be exploited to find vulnerabilities in software supply chains.
The industry must be proactive. We are moving toward a world where ‘secure-by-design’ isn’t just a buzzword – it’s a requirement to defend against increasingly innovative methods of attack. This means schools should look for partners who don’t just sell hardware, but who practice responsible disclosure, finding and fixing problems before they can be exploited.
A call to action for school leaders Security at the device layer and security at the network layer are separate but equally important objectives. It is no longer enough to ‘leave security to the network people’. Effective protection requires collaboration and proactive planning across your classroom technology, IT, and security teams.
When you are looking at your next technology investment, it’s worth looking beyond the ‘flashier’ data, such as screen size or screen brightness, but talk technical – how is your software and data truly protected? And just as important, how long is it protected for? Without this safeguarding in place, the most impressive education equipment risks being nothing more than an expensive door that’s been left unlocked overnight.
At Promethean, security is a fundamental part of the product design process, ensuring that the technology used in classrooms not only enhances teaching and learning, but also supports schools in maintaining safe and secure digital environments.
For educators looking to strengthen their approach, we recommend the National Cyber Security Centre’s schools resource hub, which offers practical, accessible tools and advice to help improve cyber resilience: u
ncsc.gov.uk/section/ education-skills/cyber-security-schools
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44
