Schools are enhanced by SEND pupils

My Twitter feed has recently included several posts from educators shocked by examples of schools which seem to exhibit a lack of inclusiveness. Vic Goddard (@vicgoddard), Brian Lightman (@brianlightman) and Stephen Drew (@StephenDrew72), among others, have expressed concern about schools which seek to dissuade prospective parents of students with special educational needs or disabilities from applying. This is done by suggesting, or even explicitly stating, that the School cannot meet the child’s needs, through what Stephen Drew has described as a ‘blatant anti-inclusion narratives’.

These posts have quite rightly highlighted the unfairness and indeed discriminatory nature of denying education to such children, but I would like to make an additional point. It is not just those children who miss out: the whole school community is made poorer by such moves that reduce the diversity of that community. As the Canadian Philosopher, and founder of the L’Arche communities, Jean Vanier put it:

As soon as we start selecting & judging people instead of welcoming them as they are – with their sometimes hidden beauty, as well as their more frequently visible weaknesses – we are reducing life, not fostering it.

Students with special needs enhance a school. They help students understand the diversity of our society, together with the challenges faced by those who do not represent the typical norm, not just in a hypothetical ‘this week we’re supporting a charity for people with X’ kind of way, but as a daily reality. Not least they will learn that nobody should be labelled by a condition, or seen merely as a problem because of it, but rather that we are each a unique combination of attributes, experiences, competencies and aspirations. As such, an inclusive school should see SEND provision as a welcome, positive expression of a healthy learning community.

Much of the comment I have read, and understandable frustration, concerns the actions of individual schools. While it is tempting to view the issue at this level (and only right that wrongdoing should be highlighted for action), I wonder if these actions by single schools aren’t a symptom of a systemic problem? Our current system of Progress 8 scores, Ofsted gratings, and league tables encourages competition between schools. I have written previously in praise of partnership and the good that can be achieved through cooperation. Perhaps the solution to providing truly inclusive educational provision, especially in times of financial hardship, lies in schools working together to pool expertise and resources. Imagine the power of a partnership that commits to securing the best possible outcomes for every child in the community it serves.

Advertisements

Lessons from a Ransomware Attack

This isn’t my usual kind of blog. It’s about how our school responded to a ransomware attack and what we learned. As it turns out, not everyone talks about this so malware attacks on schools may be more of a problem than many of us realise. 

We first noticed attack on The morning of 17th July when we found that several documents on our fileserver were encypted. It seemed at first that only some files on one server were affected, then it became apparent that files on another were also encrypted. We decided to shut down all our servers to halt any spread of an infection. This of course meant that the school had no ICT facility: teachers had no acesss to lesson resources, and there was no access to our information management system.

Our excellent ICT team identified the ramsomware as ‘.Aleta’ and discovered that the infection had occurred at around 6.30am on the previous Saturday, 15th July on a server used by all the schools in our academy group, despite our use of security software. The finance serWe later learned from the police that this type of malware is most frequently spread by remote desktop access protocols.  Our ICT team worked all that day and the next to wipe the system clean and restore files from a full backup made on Friday 14th July. As a result we were only without ICT for a day, although some facilities were only restored on the second day. 

We warned the schools in our Multi-Academy Company and other local schools. We weren’t using email, so we did it the old fashioned way, by phone. It was quite hard to talk to a human being at some schools!  We reported the incident to Thames Valley Police who also urged us to report it to Action Fraud, who coordinate with the National Fraud Intelligence Bureau. In reporting this attack, I learned from the police that not everyone does so, or chooses to report the details to Action Fraud. I can only speculate as to why this is – perhaps they don’t want adverse publicity, or to indicate that there may have been a vulnerability in their systems. Presumably a proportion of victims pay, or why would such attacks continue?  It seemed to us that adding our small piece of the jigsaw to the database of such attacks was the only way we could help tackle them. Action Fraud told me that the perpetrators would undoubtedly be based overseas and there was little chance of bringing them to justice in the short term, but thanked us because every piece of additional information helps build a picture of this type of criminal activity, providing insights into how to counter it. Reporting the details of the crime also enabled the police to give us specific advice on how to deal with it. We didn’t need this help because we had a recent backup we could use to restore our system, but the police do have a database which can be used to decrypt many files affected by such attacks.

We did not contact the authors of the malware and we certainly didn’t pay a ransom, nor would we. Quite apart from the obvious moral argument about paying criminals and so helping fund and encourage their further activities, to do so seemed foolish in the extreme, We didn’t open any of the ‘ransom’ files placed on our network, but found screenshots of the instructions they contained on the internet. We weren’t asked for a specific amount but told that the fee, in bitcoin, would depend on how soon we responded. In exchange for payment, we would be sent a file to unlock the encrypted files. Deliberately launching an executable file sent by criminals didn’t sound like a good idea!

  

Lessons we learned

  1. This is what a critical incident plan is for! It’s essential to have a plan in place to cover the network going down – for example hard copy contact details for pupils, so you can contact home, and of the timetable so you know where everyone should be. Think about how often you access school information on a computer – how would you get that same information without a network?
  2. It pays to back up your network. For our school, a regular backup protocol meant that we could restore our systems and suffered only minimal loss of data. For teachers, the message is to also back up your own files, and keep the copy away from the network and the school premises. We all know this, but do we all do it?
  3. Remote access is used by many schools and can be a real help to staff. Remote Desktop Protocols are a known chink in the armour of network security, however, so how confident are you that you are protected? It’s worth checking.
  4. If it happens, it’s really worth reporting it. It helps tackle this kind of fraud, assists others, and also allows you to access help and support.
  5. We were fortunate in having a team with the expertise to deal with this situation. Are your IT team prepared? Is there any training you need to provide?

I hope that this doesn’t happen to your school and there’s no reason to think schools are particularly being targeted (who would think schools have money?!). It’s best to be prepared though, so I also hope this account of our experience will help others. I’d be interested to hear from other schools who have had similar experiences.

    Action Fraud can be contacted on 0300 123 2040 or via their website www.actionfraud.police.uk which also has a wealth of up to date information on Fraud and cybercrime.