School cyber security: Reporting a Vulnerability

TL;DR

Found a problem with your school’s computers or network? Don’t tell everyone! Report it directly to the right people at your school – usually IT staff or a designated contact. Be clear, calm and provide as much detail as you can without trying to fix things yourself.

Reporting a cyber security Issue: A Student’s Guide

1. Stay Calm & Don’t Panic:
   • Finding a potential issue is good – it means you’re observant! But don’t rush into anything.
   • Avoid telling friends or posting about it online. This could cause unnecessary worry and potentially worsen the situation.
2. Identify Who to Tell:
   • Your school should have a process for reporting IT issues, including cyber security concerns. Check their website (look for ‘IT Support’, ‘cyber security Policy’ or similar).
   • If you can’t find anything online, contact:
   • The IT department directly – email or phone them.
   • A trusted teacher who might know the right person.
   • Your school’s data protection officer (DPO), if they have one.
3. Gather Information (Carefully!):

   The more information you can provide, the better. But do not attempt to exploit or worsen the issue.

   • What happened? Describe exactly what you saw and did that led you to believe there’s a problem.
   • Where did it happen? Which computer, website, app, or network area was affected? Be specific (e.g., “The school Wi-Fi”, “The login page for the library system”).
   • When did it happen? Date and time are important.
   • Screenshots: Take screenshots of any error messages or unusual behaviour. Be careful not to capture sensitive information like passwords! Use a tool built into your OS (e.g., Print Screen on Windows, Shift+Command+3/4 on Mac).
   • URLs: Copy the web address if it’s an online issue.
   • Don’t try to fix it yourself! You could accidentally make things worse or break school rules.
4. Write a Clear Report:
   • Use simple language – avoid technical terms if you’re not sure about them.
   • Be factual and objective. Stick to what you observed, not your opinions.
   • Example report structure:
   1. Subject: Potential cyber security Issue – [Brief Description]
   2. Body:
      • I am writing to report a potential issue I found with… (explain what you found).
      • Here’s what happened: (detailed description of the steps you took and what you saw)
      • This occurred on [date] at approximately [time].
      • I have attached screenshots as evidence.
      • Please let me know if you require any further information.
5. Send the Report:
   • Email is usually best, so there’s a record of your communication.
   • If you’re concerned about immediate risk (e.g., someone actively trying to hack into accounts), try to contact them by phone as well.
6. Follow Up (Politely):
   • If you don’t receive a response within a reasonable timeframe (a few school days), follow up with a polite email asking for an update.
   • Don’t repeatedly bombard them – give them time to investigate.
7. Respect Confidentiality:
   • The school will likely need to investigate the issue thoroughly. They may ask you not to discuss it with others while they’re working on it. Respect their request.

What NOT To Do

• Don’t try to hack back or exploit the vulnerability further. This is illegal and could get you into serious trouble.
• Don’t share details publicly on social media or with anyone outside of school staff.
• Don’t attempt to fix the issue yourself unless specifically asked by IT staff.