NetSafe Kit For ECE

NetSafe Kit for ECE
>
Welcome to the NetSafe Kit for ECE Services

Early childhood education providers are rapidly discovering the potential benefits technologies such as the internet, email and digital photography bring to childrens learning and development. It can be easy to forget that using these technologies, particularly in the presence of young children, creates a responsibility to carefully manage the associated risks.
NetSafe and the ECE sector share a concern for the safety and wellbeing of young children and this kit is designed to help ECE services manage the risks connected with the use of information and communication technologies. The NetSafe Kit for ECE outlines a cybersafety model based on internationally recognised principles of information security, which have been adapted to account for the special nature of New Zealand ECE services and the families and communities they support. It is divided into two parts, which should be read in order. Each part has been broken into smaller sections to enable teachers, educators and managers to cover each topic in a few minutes. Each section begins with a purpose statement and ends with one or more simple key actions. The sections can then be re-read later as services use the model the kit provides to implement and maintain a cybersafety programme at their service. The teachers and educators present at the initial consultation sessions will be pleased to see we have followed their wishes in making the NetSafe Kit for ECE user friendly and in providing plenty of time saving templates and checklists. More resources are available online at our website www.netsafe.org.nz. I would like to thank the wide range of individuals and organisations that have assisted in the development of the NetSafe Kit for ECE. Their involvement has ranged from brief discussions and attendance at consultation meetings and workshops, to editorial input and professional or legal advice. Because of such generosity of time and expertise, the kit reflects the diversity, capability and aspirations of those connected with the ECE sector and their communities. A special thank you is also extended to the ICT team in Early Childhood, Curriculum, Teaching and Learning at the Ministry of Education for their assistance with the publication of this resource. Finally, as a former teacher and a parent with young children, I am well aware of the selfless commitment of time and energy made by those who endeavour to provide a quality start to childrens education. I hope this kit will make it easier to safely manage the risks associated with the increased use of ICT and help you to continue the important and valuable work you are doing so well. Richard Beach Education Sector Manager NetSafe
NetSafe ECE Kit
>
Contents
What is NetSafe? What is Cybersafety? What is at Risk for ECE Services? Legal and Regulatory Requirements for Cybersafety Te Wh ariki and Foundations for Discovery 3 4 5 6 8 9
Section 1 1.1 1.2 1.3
NetSafe ECE Kit
1.4 1.5
Introduction to Part 2 Section 2 2.1 2.2 2.3 2.4 Who will Manage Cybersafety at an ECE Service? Three Sides to Cybersafety Policies and Procedures Electronic Security The Net Basics Additional electronic security measures Managing ICT 2.5 2.6 2.7 2.8 Education for the ECE Community Educating Young Children to be Cybersafe Responding to Incidents Objectionable and Restricted Material
10 11 12 14 15 17 20 24 26 28 29
Appendices A: B: C: D: E: F: G: Useful URLs NetSafe ECE Incident Response Flowchart Sample Parental Consent Form to Publish Childrens Work or Photographs Online Sample Letter of Invitation to Parents ICT Evening Sample ICT Incident Log Cybersafety Checklist for ECE Services Glossary of Terms 31 32 33 34 35 36 37
Section 1.1
What is NetSafe?
Purpose of this section
Briefly describe NetSafe
NetSafe is an independent non-profit organisation providing cybersafety and online security education for all New Zealanders.
The aim of NetSafe is to educate all New Zealanders about safe and responsible use of information and communication technologies (ICT). NetSafe works with children, parents, early childhood education services, schools, community groups, businesses and individuals to assist them to maximise the benefits of ICT while minimising the associated risks.
NetSafe ECE Kit
The NetSafe website address is www.netsafe.org.nz. The website contains a wealth of resources including articles, advice, downloadable templates and other information. Printed resources can also be ordered from the website. NetSafe runs a toll free helpline 0508 NETSAFE (638 723) to give confidential information and advice on any ICT-related concerns or issues, as well as an email query service queries@netsafe.org.nz NetSafe is located on Level 3, 130 Broadway, Newmarket, Auckland.
Key Actions
/
Date
/
Initial
1. Make a preliminary visit to www.netsafe.org.nz and bookmark the page for future reference.
Section 1.2
What is Cybersafety?
Provide a definition of ICT Provide a definition of cybersafety
NetSafe ECE Kit
ICT stands for Information and Communication Technology. Not only does this include computers and laptops, but also digital cameras, storage devices such as DVDs and memory cards or USB sticks, MP3 players, mobile phones, games consoles and other similar electronic equipment and associated technologies for example the internet, broadband, computer software and wireless communication technologies such as Bluetooth.
Many ICT devices are capable of performing a wide range of tasks. For example most mobile phones can be used to talk and text and in addition, to take photos and video, access the internet, play music, visit chat rooms and play games. In this context this is known as convergence. Convergence means cybersafety isnt just about computers and the internet but has implications for almost everything we do in our modern lives.
Cybersafety: the safe and responsible use of information and communication technology. A cybersafe learning environment is one where ICT is used safely and responsibly to support effective learning and teaching.
The key words here are safe and responsible. It is possible to be completely safe while sending threatening text messages, or making unauthorised use of an organisations internet connection, however most people wouldnt consider this behaviour responsible. Cybersafety takes on an additional dimension in the education sector and extra responsibility exists for those working with, or caring for, young children. Teachers and educators have a pivotal role in developing the attributes of cybercitizenship in children and young people. Cybercitizenship implies that users of technology are safe, confident and act with integrity.
Cybercitizenship encompasses both digital literacy and media literacy. What we are working toward with online safety education for young and old is the collective wisdom to ensure that our world is not simply more connected, but more humane in that connection. Liz Butterfield Director, Hectors World Ltd
Key Actions
/
Date
/
Initial
1. Make a list of all the ICT used by your ECE service.
Section 1.3
What is at Risk for ECE Services?

Raise awareness of cybersafety risks for the ECE sector
Major cybersafety incidents can have serious consequences for the personal safety and wellbeing of the children, for the services safety, reputation, effectiveness and finances, and for the professional standing of the teachers or educators involved. In February 2007, NetSafe carried out a survey of 205 ECE services which indicated that while a high percentage were using information and communication technologies such as the internet in the learning environment, many of these services were inadequately prepared to deal with the associated risks. Key areas where a significant number of services were not meeting best practice were the use of passwords to manage access to their computers, policy covering the safe and responsible use of ICT, and having a minimum standard of electronic security in place. These are all key factors which are essential in ensuring a cybersafe environment particularly when working with young children.
NetSafe ECE Kit
The widely accepted minimum standard of electronic security includes: Regular updates to the operating system Anti-virus software Anti-spyware software A firewall
As well as service-based ICT, individuals are increasingly bringing privately-owned ICT devices into ECE services. Mobile phones (which have a range of capabilities from recording and storing sounds and images, to internet access), digital cameras, digital music and video players, laptops, storage devices such as USB sticks, and gaming consoles, all have the potential to be accidentally or deliberately misused. The range of incidents which ECE services could find themselves facing may include: Children being exposed to inappropriate or age restricted material perhaps as the result of an unwise internet search, lack of adequate supervision, an age restricted game being brought on a portable game console, or even inappropriate images on a mobile phone brought into the service Unauthorised viewing or sharing of personal details Loss of important confidential data stored on service computers, digital cameras or other ICT equipment Inappropriate use of mobile phone cameras in the service, or of the services digital camera lent out to families Inappropriate use of internet access by teachers, parents, families, visitors, or other contracted staff Illegal downloading of copyright music Bandwidth theft via wireless networks Harassment of staff via mobile phones and internet message boards Expensive technical support costs as a result of the services computers becoming compromised by viruses, spyware or other malicious software.
Key Actions
/
Date
/
Initial
1. Download and read First Steps to Cybersafety from the NetSafe website to learn how cybersafety is relevant to young children and for basic advice about keeping young children cybersafe.
Section 1.4
Legal and Regulatory Requirements for Cybersafety

Demonstrate how cybersafety may relate to legislation and regulations Indicate who is accountable for cybersafety
ECE services are required to comply with a range of laws, regulations and ethical standards. Most of these do not specifically mention cybersafety, but a physically and emotionally safe learning environment is dependent on attention to some basic cybersafety principles and on accounting for ICT when considering whether the service is meeting legal responsibilities.
NetSafe ECE Kit
For example, where regulations require that equipment be safe, this should include ICT equipment. The licensee of a licensed centre must ensure that equipment and materials in the centre to which the children attending have access are kept safe... Education (Early Childhood Centres) Regulations 1998 section 24 (1) (a)
Accounting for cybersafety issues when developing curriculum, will also help promote and nurture childrens health and well-being. Educators should plan, implement and evaluate curriculum for children in which (...) their health is promoted and emotional well-being nurtured; and they are kept safe from harm. Revised Statement of Desirable Objectives and Practices for Chartered Early Childhood Services in New Zealand 1996
In the proposed regulatory framework a link to cybersafety practices is more obvious. All practicable steps are taken to protect children from exposure to inappropriate material (for example, of an explicitly sexual or violent nature). Proposed licensing criteria for centre-based ECE services (HS33)
The Education Act 1989 requires that an employer notify the Teachers Council if there is reason to believe that the teacher has engaged in serious misconduct. The Teachers Council Rules 2004 consider this to include viewing, accessing or possessing pornographic material while on school premises or engaged on school business . These rules also apply to registered ECE teachers and at ECE service premises.
In addition ECE services are bound by wider legislation. The Health and Safety in Employment Act 1992 requires employers to take all practicable steps to provide and maintain for employees a safe working environment . This is an obligation which extends to volunteers.
The Films, Videos, and Publications Classification Act 1993 makes it illegal to make, possess or distribute objectionable material. It is also a crime to provide children with restricted or adult material. The Act also makes an employer liable for the illegal actions of their employee unless the employer took steps to prevent those illegal actions.
The Privacy Act 1993 requires services to put in place reasonable security safeguards to stop personal information collected about others being lost or accessed without authorisation. If the information is stored on a computer, then safeguards should at least reflect industry standards, which in New Zealand include: Having a policy covering aspects of information security such as privacy and the protection of organisational records Ensuring staff are aware of existing privacy and security policies and obligations Enforcing restrictions on access to such information (such as password protected computer accounts).
The Teachers Council Code of Ethics also requires that teachers and educators about learners (...) consistent with legal requirements .
protect the confidentiality of information
As can be seen from the examples above, all adults in an ECE setting share responsibility for the wellbeing of the children attending, and every employee must accept responsibility for their personal conduct. However, accountability for the safety of children and staff rests with the licensee. If there is a serious cybersafety incident, it is the licensee who will be expected to explain why due diligence and due care were not practised. This section does not form an exhaustive list of legal and regulatory obligations. The implementation of a cybersafety programme based on the advice given in this kit will however help services meet their obligations.
Key Actions
/
Date
/
Initial
1. Scan through your services policies and procedures relating to health and safety to see if and where any reference is made to cybersafety issues.
NetSafe ECE Kit
Section 1.5
Te Wh ariki and Foundations for Discovery

Describe how cybersafety relates to the Early Childhood Curriculum (Te Wh ariki1) and Ministry of Educations 2 Framework for ICT development (Foundations for Discovery )
Te Wh ariki
New Zealands Early Childhood Curriculum reflects and caters for a diverse range of early childhood education settings. Cultural, organisational, environmental, philosophical and individual differences are acknowledged. This encourages teachers and educators to apply their skills and knowledge to deliver good quality learning programmes.
NetSafe ECE Kit
The principles of Te Wh ariki align with the attributes of cybercitizenship which include being confident, safe, responsible, and interacting with integrity. By encouraging children to be safe and responsible users of technology, ECE services will help meet the aspirations of Te Wh ariki to produce competent and confident learners and communicators who are both empowered and secure.
Foundations for Discovery

Through this document, the Ministry of Education is providing standards and guidelines for effective use of ICT in early childhood centres. One of the six principles that make up the framework states that ICT use should recognise and address issues of safety and appropriateness .
The range of issues referred to in the framework include:
Exposure to inappropriate online information and material, protecting childrens privacy in the recording and transmitting of personal information and images, health and safety concerns relating to the use of ICT equipment and ensuring resources and information used by children are appropriate for their stage of learning and development and other ethical concerns (for example, informed consent). Foundations for Discovery (p.19)
1. Te Wh ariki: Early Childhood Curriculum; Ministry of Education; Wellington; (1996). 2. Foundations for Discovery; Ministry of Education; Wellington; (2005).
>
Introduction to Part 2
The previous section illustrated that ECE services are obliged to ensure that all use made of ICT in relation to the ECE environment is carried out in a safe and responsible manner. Meeting these obligations includes: Developing policies, systems and procedures to help ensure children, teachers, educators and other users of ICT are not exposed to inappropriate material or activities Implementing adequate security to protect important, personal or sensitive information held about children and their families, employees or volunteers at the service Providing education and guidelines covering the appropriate use of ICT at the service.
NetSafe ECE Kit
The second part of the NetSafe Kit for ECE outlines a comprehensive approach to address these obligations in ECE services.
Section 2.1
Who will Manage Cybersafety at an ECE Service?

Outline how responsibility for cybersafety may be allocated
The cybersafety programme must be fully supported and driven by management*. It should be implemented by a team of at least two people, including a person with senior level experience designated the Cybersafety Manager.
NetSafe ECE Kit
10
* Depending upon the nature of the service, the designation of management will vary. In some cases, such as a small, privately run service, management may be a sole proprietor. In other cases, accountability may rest with a board, executive, or even a group geographically removed from the service itself. For the purposes of this document, management is the individual or group who is ultimately responsible for the safety of children, teachers, educators, volunteers and visitors at the service. This will include the licensee, even in those circumstances where a licensee does not take an active role in setting the strategic direction for the service.
The Cybersafety Team

No one person should have sole responsibility for cybersafety. What if the one person with complete knowledge of the cybersafety programme leaves the organisation, or worse, is the one deliberately breaching the cybersafety policy? Management delegates responsibility for the cybersafety programme to the cybersafety team. The team reports to management through the usual channels such as monthly updates at management meetings. By having a cybersafety team, a service will help to ensure consistent, reliable attention to safety and security with regards to the use of ICT. Some of the knowledge and skills required when developing and maintaining a cybersafe learning environment typically include developing policy, community consultation, budgeting, technical knowledge and personnel management. While there are certainly individuals in the sector who possess all of these skills, the responsibility for the day to day implementation of a cybersafety programme needs to be shared. Some services will be large enough to allow two or even three personnel occasional time to work on the cybersafety programme. Others may be able to call on the resources of their umbrella organisation. Smaller services may consider forming a team consisting of an educator, along with a parent or committee member, or even pooling resources with another ECE service in the local community.
The Cybersafety Manager

For practical reasons, one person should head up the team. This person must be someone with senior level experience. The position will carry the title of Cybersafety Manager. The Cybersafety Managers responsibilities may include: Gathering together a team to support the development and implementation of their cybersafety programme Leading the development of the cybersafety policy (templates are available from www.netsafe.org.nz) Acting as the main point of contact regarding cybersafety at their ECE service Reporting regularly to management.
Key Actions
/ / /
Date
/ / /
Initial
1. If necessary, refer management to this document. 2. Identify a potential cybersafety manager. 3. Identify who could be involved in a cybersafety team at your service.
Section 2.2
Three Sides to Cybersafety

Provide an overview of the cybersafety model
The NetSafe Model for a Cybersafe ECE Service is comprised of three main components: Appropriate policies, use agreements and procedures An effective electronic security system A comprehensive cybersafety education programme for the ECE services community
Using the analogy of a three legged stool, each leg is as important as any other. An ECE cybersafety programme following best practice stands firm on each of the three main components identified above.
NetSafe ECE Kit
11
Some of the biggest threats to cybersafety do not necessarily occur through malicious activity, but are often the result of poor or non-existent guidelines and user education. Electronic security, such as firewalls and filters, provide some defence against specific risks. But well written policies and use agreements, clear procedures and cybersafety education, will do far more to reduce risks than technological tools alone. The next three sections cover each of the individual components of the NetSafe cybersafety model in more detail.
Key Actions
/
Date
/
Initial
1. Make a brief list of all known current cybersafety initiatives in place at your service. Remember to include policies and documentation, known electronic security measures and education programmes.*
* The purpose of this exercise is for you to evaluate your own knowledge of what is in place, rather than perform an actual audit against a recommended list of cybersafety initiatives. A cybersafety checklist is included at the end of this document, but for now just go on your own knowledge.
Section 2.3
Policies and Procedures

Describe why policies and procedures are important Outline what effective cybersafety policy and acceptable use agreements will contain
Cybersafety Policy
Developing a cybersafety policy is a good way to begin discussions about cybersafety at your ECE service. Involving a range of stakeholders such as teachers, educators, parents and community members in the initial discussions will help the policy reflect the values of the community. Community consultation may also identify problematic issues early in the process.
NetSafe ECE Kit
12
The cybersafety policy should be developed first as it drives the other components of the cybersafety programme.
Good policy development will help to identify agreed practices and procedures; for example, the policy should outline who has access to the services ICT and how it may be used.
Acceptable Use Agreements

Acceptable use agreements inform people of the cybersafety policy and procedures and of their own obligations relating to the safe and responsible use of ICT. Acceptable use agreements should be developed after the cybersafety policy as they support the day to day execution of the policy.
Characteristics of a good cybersafety policy: Reflects the values and aspirations of the community Assists a service to meet legislative requirements Enables a shared understanding of agreed practices Provides guidance Comprehensive enough to be both practical and useful Reasonably future proof Covers both service-owned and privately-owned ICT (such as mobile phones) Is reviewed on a regular basis
Characteristics of good acceptable use agreements: Reflect and support the cybersafety policy Clearly outline expectations for all signatories Have wide acceptance by signatories Are signed and copies kept by all signatories, including the ECE service
Both the cybersafety policy and the acceptable use agreements can act as a reference at a later date.
Templates for a cybersafety policy and acceptable use agreements can be downloaded from the NetSafe website. ECE services are encouraged to personalise these documents to their individual requirements in consultation with their umbrella organisation. Latest versions are always available for download from NetSafe.
The scope of Cybersafety in relation to kindergartens was a lot wider than I first thought. Its not just about the internet but covers anything where ICT is involved including the use of mobile phones. Therefore developing a policy on Cybersafety was initially quite daunting. Netsafe's policy and use agreements were invaluable in making this process much easier. Once the Cybersafety policy and use agreements were finalised, Netsafe provided a training module which was very effective in training our 107 teaching teams. As a result of the training, teachers have an understanding of how to use ICT safely and responsibly to support effective teaching and learning. Natalie MacKenzie Professional Services Manager, Auckland Kindergarten Association
NetSafe ECE Kit
13
Key Actions
/ /
Date
/ /
Initial
1. Download and read the NetSafe templates from www.netsafe.org.nz 2. Check with your umbrella organisation and find out what policy and acceptable use agreement templates are currently being used or recommended.
Section 2.4
Electronic Security
Provide basic guidance about electronic security good practice
Electronic security is an essential component of ensuring the security of equipment and information at an ECE service. Good electronic security will help ensure equipment and data is up and running when it is needed. It will also help protect the data on the services systems from unauthorised access and give users confidence that information they rely on has not been compromised in any way. The technical aspects of ICT can seem daunting, but managers need to know enough to be able to have a two way discussion with suppliers, or technical support professionals. This section has been split into three parts: The Net Basics Additional Electronic Security Measures Managing ICT
NetSafe ECE Kit
14
The Ministry of Education is developing a set of specific technical guidelines relating to ICT infrastructure security and cybersafety. At the time of printing this kit, these guidelines were in the draft stages of development. When complete, the guidelines will be available via the Ministry of Education website.
The Net Basics

At an absolute minimum, computers need to be protected through: Regular updates to the operating system Anti-virus software Anti-spyware software A firewall
Together, NetSafe calls these components the Net Basics.
Regularly updated operating system

Major operating system vendors provide updates to their products on a regular basis. These updates are often produced to fix bugs or vulnerabilities which could allow a computer to be attacked by a malicious hacker. It is very important to install these updates as they are issued. The best option is to turn on the automatic update facility in the operating system. Updates will then be downloaded automatically as required. In time, vendors retire older versions of their operating systems and after this date, updates are typically no longer supplied. Services should not run retired operating systems.
NetSafe ECE Kit
15
Anti-virus software
All computers, regardless of brand, should have anti-virus software installed. Even computers for which fewer viruses exist are capable of passing on viruses to other machines. Viruses infect machines, or may be contained in files ready to be emailed or copied to other computers. There are thousands of viruses with a range of effects including crashing machines, destroying data, hijacking your internet browsing and producing annoying or inappropriate pop-up windows. Some viruses allow hackers to take over the computer via the internet. These computers are then used as zombies or bots as part of a botnet to attack other computers or simply as email machines sending thousands of spam emails across the internet. The result could be a sudden increase of internet charges, or a drastic reduction in your internet speed. Almost certainly the compromised computer will exhibit a reduction in performance, perhaps even rendering it unusable.
Installing anti-virus software demonstrates responsible computing in a modern connected online environment.
Anti-virus software seeks out viruses and destroys or quarantines them. Most anti-virus software works by hunting for known viruses either on the computers hard drive, or as they arrive via an internet connection. This list of known viruses needs to keep itself up-to-date and does so by automatically downloading new virus definitions from the manufacturers website, hence the subscription fee for some products. There are a number of anti-virus programs available. Some are free, while others require an initial purchase, followed by a subscription to keep the software up-to-date. Running more than one piece of anti-virus software on one machine can cause conflicts. Some anti-virus software recognises other anti-virus products as a virus and tries to remove it which can cause serious problems on the machine. Network versions of anti-virus software are available which sit on the server and keep each computer on the network up-todate. Laptops that come and go from the network are updated when they are connected. This can be a sensible and cost effective option for some services. Licence packs are sometimes available covering a number of machines or even a whole organisation. Some computer retailers include anti-virus software with new machines. These are often trial versions where the licence expires after a set time. The option is then given to extend the licence by purchasing the full version of the software.
Anti-spyware
Spyware installs itself onto a computer and then sends information over the internet to wherever it is directed. This information may be harmless (such as which web pages are visited) but spyware will often be recording more sensitive information such as usernames and passwords, bank account details and other confidential or personal information. Several anti-spyware programs exist and many work in a similar fashion to anti-virus software, requiring an initial fee followed by a subscription to stay up-to-date. There are also free anti-spyware packages available. Care should be taken when downloading such software as sometimes free anti-spyware may actually contain spyware itself. ECE services should use a trusted brand. Some Internet Service Providers (ISPs) provide anti-virus and anti-spyware products as part of their internet access package.
Firewall
A firewall is like a gate which only allows certain types of data to pass between a computer and a network or the internet. For example, a firewall can be configured to block instant messaging traffic, but allow email and web browsing. Firewalls can help stop hackers accessing a machine from the internet and many can stop an infected machine sending out sensitive data. Firewalls can be configured to be relatively open, allowing all types of data through, or locked down tight. Some only block data travelling from the internet onto the computer, others block data travelling in both directions. There are two main types of firewall; software and hardware. A software firewall is installed on a computer and protects that machine. A hardware firewall is a separate piece of hardware which sits between the internet and a network and protects all computers on that network. Routers usually contain built in firewalls so if you have one of these on your network you may already have a firewall in place. Software firewalls usually have a simple user interface with default options making them easy to get up and running. Hardware firewalls require specialist technical knowledge to configure properly, but have the advantage of being a single point needing administration as opposed to a separate program residing on every computer in the network. The latest versions of Microsoft XP Professional/Vista and Mac OS X both come with firewalls. These should be turned on unless a third party firewall product is being used. There is not a lot of benefit in having more than one firewall in place unless they are performing separate tasks.
NetSafe ECE Kit
16
All-in-one packages
Many of the major security software companies provide anti-virus, anti-spyware and firewall services bundled together as a suite of products. This can be an easy to manage and efficient alternative to purchasing and maintaining multiple software programs.
Dont forget the laptops

It is important to remember that laptops may be protected by the network firewall or anti-virus software when they are connected at the service, but when they are taken home they will be relying on their own protection software being installed and turned on! This is especially important if there is a possibility they will be connected to the internet while away from the service. Make sure laptops are still protected by the Net Basics when they are away from the network.
Key Action
/ /
Date
/ /
Initial
1. Make an initial visit to the Net Basics section of www.netsafe.org.nz for more detailed information relating to computer security. Save the page in your bookmarks or favourites. 2. Check all computers and laptops to see if they have the Net Basics in place.
Additional Electronic Security Measures

The Net Basics is a minimum recommended level of electronic security. Additional measures are recommended which will contribute further to the maintenance of a safe and secure learning environment.
Use strong passwords

Using passwords can protect against unauthorised access to a computer and the data it contains. A strong password has the following characteristics: Mixture of numbers, letters and symbols Mixture of upper and lower case At least eight characters long
Passwords should not be dictionary words. Some hackers use tools which try every word in the dictionary. Passwords should not be written down and should not be obvious e.g. staff, kindy, or admin. Nor should they be easily guessed by someone with a little personal knowledge e.g. pets name, spouses birthday. Passwords should not be shared. Given enough time, a password breaking tool will break any password. Strong passwords decrease the likelihood that a malicious visitor or amateur hacker will gain access.
NetSafe ECE Kit
17
Create user accounts

Computer users should only be given access to resources they actually require. Individual user accounts allow a computer administrator to set up these access rights. For example a manager may have their own username (e.g. maryb) and password which gives them access to all the data on a system. A part time teacher may also have a username and password, but their username may allow them access only to the internet and the childrens learning stories. Blocking the teachers access to things like financial data and staff records reduces the possibility of that teacher accidentally (or deliberately) accessing, modifying, or even deleting data. Visitors, such as occasional parent helpers, could be given a temporary account, or use a generic account such as visitor. This account should have only the resources they need available to it, and the password must be changed regularly. Older children should be taught to remember a username and password. It is a skill which is becoming increasingly important.
Usernames are sometimes confused with passwords. Usernames are what identifies a person to the computer and the password is how that person proves they really are who they say they are (by entering something only they know). People in an organisation can know each others username; however passwords should not be shared.
Individual user accounts can also serve a useful purpose during troubleshooting or investigations. Computers log the actions of users and by reviewing these logs it is possible to determine who was logged on, when and what they were doing. If there is only one user account for everyone at a service (e.g. staff), all that an investigator can determine is that someone was logged on as staff when the problem occurred. Individual user accounts can also be used to customise the computer to each users requirements; e.g. font size, email accounts, internet favourites and so on. It is good practice for all regular users to have their own user accounts.
Backup, backup, backup

Backing up is a systematic practice of regularly making a copy of important data and securing it in a safe place.
A good backup system includes: Backup device and media (the discs or tapes which store the backup) A description of which data is to be backed up A plan for when and how often backups are scheduled A plan for recovering data in the event of a failure
NetSafe ECE Kit
18
Administration data such as attendance records should be backed up at least daily. Policy documents, photos or meeting minutes could be included in a weekly backup. Some backup systems initially copy the entire hard drive, and then automatically backup only those documents which have been changed. Other systems are set to copy everything, overwriting the oldest versions on the backup media. Equipment options range from quick backups using USB memory cards or writeable DVDs, to overnight backups onto specially designed tapes capable of storing many gigabytes of data. Portable hard drives can also be used and are capable of storing large amounts of data relatively quickly. Some technical support companies offer online backups where the backup is performed via the internet. This sounds ideal as the responsibility falls with the support company and the data is stored securely off-site. There may be implications however for data privacy, as well as cost with large quantities of digital images and video being captured in many ECE services. Backup software can be purchased, although most operating systems have backup functions built in. Administration software will often have a built-in backup process which should be run regularly. With most backup systems, the procedure begins with the creation of a script or job which defines what files are to be backed up and when. For each backup, the person responsible then simply clicks a button and maybe changes the media as prompted. Regardless of the method, some basic guidelines apply: Backups should be performed regularly and often Copies of important data should be encrypted and stored securely off-site Regular checks should be carried out to confirm the backups are working Someone (maybe technical support) should be available who knows how to restore the data.
Consider content filtering

Content filtering systems usually work by comparing website addresses to a list of blocked sites. If a user is trying to access a site from the blocked list (blacklist), they will receive a message denying them access to the site. Alternatively, if a service wanted to block all websites except those that had been specifically approved, a whitelist can be created. This is a common approach used where young children are using ICT, but can be overly restrictive for adults. Other filtering systems examine a web page for content such as offensive language and will block access if any is found. Some ISPs provide a filtering service as part of their internet access package. Filtering is useful for stopping accidental access to inappropriate content, however due to the enormous variety and number of web pages available, no filtering is 100% effective. Filtering systems will also not stop a determined user with a small amount of technical knowledge. In addition, not all material enters a network via the internet. Memory sticks, digital cameras and discs could also be carrying inappropriate material which can find its way onto the network. Filters should not be relied upon as the sole means of protecting anyone using a computer from inappropriate material or activity and should be used in conjunction with policies, use agreements and cybercitizenship education.
Use Safe Search options

Many search engines can be configured to remove adult content from the results list. These options will usually be found under a preferences or advanced search link on the main search engine page.
Junk mail (spam) filters

While it is mostly harmless, excessive spam can clog up email systems, use up bandwidth and be time consuming to deal with. However some spam does contain inappropriate, malicious or illegal content. Many email programs have built in junk mail filters. These can usually be configured to be very strict or very lenient. Other ways to reduce spam include: Posting email addresses on the service web page as graphics rather than text (so that a machine cannot read and harvest the address) Being very careful about giving out the email address Restricting use of the services email system to service business only Never clicking on the links within spam messages, especially click here to be removed from the list type links Ensure regularly updated anti-virus and anti-spyware software is running on all machines Avoid using out of office replies. Some out of office services cannot distinguish between legitimate email and spam, thus confirming the target email address as active as they respond.
Restrict downloads
An increasing number of websites are available from which media such as video and music can be downloaded. These services, as well as other activities such as VoIP (telephone calls over the internet) and video messaging require broadband to work reliably. This may have financial implications as data caps are reached or exceeded resulting in hefty internet access charges. Use of such services should be carefully monitored.
NetSafe ECE Kit
19
Enable wireless security

Wireless networks allow computers, particularly laptops, to access the internet or the services network from almost anywhere within the range of the transmitter. This range may extend outside the services physical boundaries, such as on the street or in neighbouring houses. It is possible to detect wireless network signals and can be relatively easy for a skilled person to surf the internet using the services internet connection, or even access the services files. Wireless network devices come with security options which must be turned on in order to minimise the risk of unauthorised access to the wireless network.
A services wireless network should only be set up by a person qualified to do so and who can attest that the appropriate security options have been enabled.
Use monitoring and reporting software

Most operating systems have built in tools which can provide reports about how the computers have been used such as dates and times users have logged on and websites visited. Third party software is also available which will perform similar functions. Organising a regular report from this software (or from the technical support provider) can be a useful tool in spotting trends or unusual access.
Key Actions
/ / / /
Date
/ / / /
Initial
1. Set up individual usernames for regular ICT users if these are not already in place. 2. Enquire about backup options with your technical support provider. If backups are already in place, check that they are working correctly. 3. Set up spam filters on your email system. 4. If the service uses wireless, check that wireless security is turned on. (Older wireless devices use WEP which is an outdated method of securing wireless networks and is no longer considered safe. Wireless networks should be using at least WPA or better still WPA2.)
Managing ICT
The introduction of ICT into the learning environment needs to be well planned. Good planning accounts for ongoing maintenance, pedagogical implications, financial considerations and any impacts or demands that may be placed on teachers and educators themselves.
Make ICT a regular item in the budget

Budgets must account for maintenance and upkeep of equipment, as well as renewal. Old equipment, especially if connected to the internet, is less likely to have up-to-date security tools installed and may not even support current versions. Components such as hard drives which store data, do not last forever. Budgets need to account not only for the purchase of security tools, but also for equipment renewal on an ongoing basis.
Standardise hardware and software as much as possible
NetSafe ECE Kit
20
The keep it simple rule can save time, money and stress, particularly if something goes wrong. Standardising the services ICT simplifies the task of setting up and maintaining electronic security; settings can be shared and copied to other machines on the network, users will benefit from the consistency, and technical support will be more efficient and cost effective. Standardising the ICT can mean: Using the same versions of software on all computers Software is often sold in licence packs where you get one copy of the software but enough licences to run it on as many computers as there are in the service. Restricting downloads Software such as extra toolbars for internet browsers or favourite email or instant messaging programs can cause problems on a computer. Restricting customisation of the desktop Colourful desktop backgrounds or unusual icons can confuse users and encourage tampering with system settings.
Keep software to a minimum

Every new piece of software installed on a computer increases the chance of something going wrong. It also increases the strain on the computers resources. Many free programs contain spyware or adware and any extra software not included with a new computer or purchased from a reputable retailer should be researched thoroughly before installation. If a second hand computer has been donated to a service, it should have all previous software removed and the hard drive should be re-formatted before it is used. This will require the operating system to be reinstalled. The service is legally required to own the licence to install the operating system. Software to avoid includes: Extra toolbars for browsers (unless they are produced by a major browser manufacturer) Peer to peer software (often used for illegally downloading music) Software which causes unnecessary downloading such as desktop backgrounds which download new images from the internet Any software which is a pre-release or beta version Any third party (not produced by the operating system vendor) software which claims to speed up or fix the computer, particularly if it has been downloaded from the internet on a properly maintained computer this software is unnecessary Software for which the service does not own a licence.
Installation of any software, especially software downloaded from the internet should be by permission from the management only. Management should keep an updated register of approved and recommended software and seek the advice of an ICT professional if there are any doubts about new software.
Documentation is essential and can save both time and money

Keeping a paper-based record of the hardware (including computers, networking devices, cameras, projectors, etc) and software can be useful, especially during incidents requiring technical support and for insurance purposes. Information to be documented could include: Computer make, model, serial numbers, operating systems (and version) Other software installed including educational or email packages ISP (including payment plan, username and support number) Technical support phone number Backup type and frequency Website host, URL and contact number Administration software details including support number Other device details (make, model and serial numbers of printers, cameras etc).
This information should be kept in a secure place which is accessible to staff in an emergency.
NetSafe ECE Kit
21
Internet
ADSL Modem Make/Model
Wireless Router Make/Model
Computer 2
Location Make/Model Serial Number Operating System (e.g. Windows XP) Service Pack (e.g. SP2) Firewall (e.g. Windows) Anti-virus MAC Address
Computer 1
Location Make/Model Serial Number Operating System (e.g. Windows XP) Service Pack (e.g. SP2) Firewall (e.g. Windows) Anti-virus MAC Address
An example of how a service may begin to visually document its ICT
Leasing as an option
Leasing may appear expensive, but can actually be more economical in the long term. Leases can be easily calculated and budgeted for, unlike unexpected repairs or upgrades to systems owned by a service and no longer covered by warranty. Also, in an ideal world, when an expensive item like a computer is purchased, each month thereafter a little money should be put aside for upgrading that equipment in a few years time. This rarely happens in reality, meaning the equipment serves far beyond its recommended lifetime, becoming more vulnerable to breakdown with each passing day. Leasing enables services to spread the cost of hardware over the life of the equipment. It also encourages funds to be earmarked for ICT in budgets on a regular basis. Leasing may also help a service to standardise its ICT, making it easier for people using the equipment to get on with teaching and learning. Leasing ICT can be problematic if your service is relying on grants. Leased items are not eligible under many grant schemes which is unfortunate as leasing can help to address a number of cybersafety issues related to equipment. Most leasing arrangements allow equipment to be upgraded every three years or so, depending upon the term of the lease. Up-to-date equipment is able to run the latest software, which is usually more secure. Lease terms will also cover repairs and maintenance, reducing the reliance on helpful volunteers to tinker with important and expensive equipment.
NetSafe ECE Kit
22
Get support from a qualified professional

Good electronic security can be useful in helping to minimise risks. However, few ECE teachers or educators started in the field with the intention of becoming computer security experts. Some services will be in a position where ICT support is made available through their association. Others will find they rely on the generosity of well meaning parents or other people associated with the service. All support should be from qualified professionals, preferably under some form of contract, be it short term or ongoing. The financial cost which may be associated with using professional support is likely to outweigh the costs following a major incident such as the loss of enrolment or personnel data. Technical support comes in a range of forms. It may involve using a contractor or support company on an ad-hoc basis to come in to the service and fix any problems as they occur. At the other end of the spectrum, there are companies which will manage the installation and maintenance of your computer systems, as well as fixing technical problems and even providing training. In some cases, companies will only offer phone support and others will be able to maintain your system remotely over the internet. Some insurers also provide remote ICT support services, such as backing up, as part of their packages. On a financial note, it is worth bearing in mind the cost associated with teachers and educators being taken away from their primary responsibilities in order to fix computers. Things to consider when choosing technical support: Are the technicians formally qualified? Does the company have experience in the education sector? Does a contract include a response time and coverage? (e.g. on site within 2 hours 24 hours a day 365 days per year) Does the contract include service levels? (Sometimes companies will include a figure of, for example, 96% uptime. This means they guarantee a server or website will be up and running 96% of the year. But this means it can be down for 15 days. Is this acceptable?) Does the contract describe services accurately e.g. exactly what is backed up, how often and how long it will take to restore in event of a failure? Will the technicians be expected to sign a confidentiality agreement or similar? Have technicians visiting the service been police checked? Can the company supply any references? What do costs cover? Does the work come with any warranties?
Disposing of old hardware

Eventually the time will come when old hardware needs to be disposed of. Care should be taken to ensure that personal, confidential or sensitive data is not lost. Hard drives should be completely wiped at this point using appropriate software that destroys the data, making it irretrievable. The Government Communications Security Bureau (www.gcsb.govt.nz) recommends www.blancco.com or www.comsecent.co.nz. The most secure option is to physically remove and destroy the hard drive. Dont forget to backup the data first! If hardware is to be disposed of, be responsible and ensure it is done in an environmentally friendly manner. Contact the hardware vendor or your local council for information about disposal programmes.
Key Actions
/ / / / 1. Refer to the list you made in section 1.2 and set up a template or system to document ICT at the ECE service. 2. Make a list of all software and hardware used by the service. Check computers against this list and remove software not listed. (This should be performed by a qualified technician to avoid deletion of important software.) 3. Investigate technical support agencies available locally.
Initial
NetSafe ECE Kit
23
/
Date
Section 2.5
Education for the ECE Community

Provide resources and ideas which will assist services to help families and personnel become safe and responsible users of ICT
The New Zealand ECE experience, with its increasing integration of ICT, provides an ideal opportunity for young children and indeed many adults to begin learning about cybercitizenship.
NetSafe ECE Kit
24
Cybercitizenship is about being confident, competent users of ICT and acting with integrity.
One of the most important roles adults have in helping to educate young children is to model safe and responsible behaviour. Teachers, educators and parents, regardless of their technical expertise, can demonstrate the basics of cybercitizenship.
The professional development provided to our educators was really valuable in opening our eyes to the wide variety of ICT devices and necessary practices for safe and responsible use. Although we were all at different levels in our use of and knowledge about ICT the training was relevant, informative and interesting for all of us. It gave great practical advice for use at our centres and homes. To assist children in safe and effective use of these technologies the adults around them first need to feel that they are competent and confident themselves. Education for educators and the wider community can help you feel capable to guide the children's explorations. Veronica Pitt Canterbury Playcentre Association
ECE services have at their disposal a growing number of resources to help educate their communities about cybersafety. Some options include: Distributing the free NetSafe pamphlets to families contact 0508 NETSAFE (638 723) Organising a parents evening about how ICT is being used and including a section about how the service promotes the safe and responsible use of its ICT. (A short PowerPoint template for a suitable presentation about cybersafety is available from www.netsafe.org.nz) Involving the community in consultation relating to the development or review of the services cybersafety policy and acceptable use agreements.
Most cybersafety issues arise from within an organisation and in an ECE environment will likely be the result of inadequate procedures, knowledge and skills rather than malicious behaviour.
Professional learning for ECE teachers and educators

NetSafe has developed professional learning modules for early childhood teachers and educators. The modules are delivered nationally by licenced training providers and NetSafe personnel. An initial online module acts as a primer, and upon completion, educators can attend either one or both of the following two workshops: Cybersafety Policies, Procedures and Community Education which deals with the management oriented aspects of setting up a cybersafety programme ICT and Cybersafety which delves more deeply into managing the technical aspects of cybersafety in an ECE service
I had a limited knowledge and complacency about cybersafety and the NetSafe Professional Development was a huge eye-opener for me. I had truly not realized what a minefield is there for the unaware and the implications for those who are nave and unaware. As a result the parameters and protocols around use of the Internet for our children, and by the adults supporting them, are much more defined and I believe we are working in a much safer environment. This I have applied in my own Internet use both professionally and personally as well. Margaret May Head Teacher, Greenhithe Kindergarten
NetSafe ECE Kit
25
Key Actions
/ / /
Date
/ / /
Initial
1. Visit www.netsafe.org.nz and download the order form for free NetSafe resources. 2. Download and view the community seminar template from www.netsafe.org.nz 3. Visit www.netsafe.org.nz to find out when and where cybersafety training will be available in your local area.
Section 2.6
Educating Young Children to be Cybersafe

Provide resources and ideas for teachers and educators about educating young children in cybercitizenship
NetSafe has developed a tool which gives an overview of important cybercitizenship skills. The Cybercitizenship Pathway begins at the ECE level and provides teachers and educators with a progression of cybercitizenship attributes through to school year 13. The pathway is available for viewing on the NetSafe website.
NetSafe ECE Kit
26
The strands in Te Wh ariki align with the key competencies contained within The New Zealand Curriculum. Cybercitizenship education integrates these strands and competencies with values, assisting learners to become confident, competent and ethical users of ICT. ECE educators need to account for the skills and attributes young children will require not only for their immediate environment, but also for the online environment they will inhabit as they grow. ICT initiatives in education that promote communication and contribution in digital societies should encourage educators to focus not only on technical skills, but on competencies relating to acceptable behaviour, co-operative learning and effective communication. Te Wh ariki provides ample opportunity to integrate cybercitizenship education into an ECE environment. Most obviously, cybersafety can be related to the goals within the well-being strand. Cybersafe learning environments will also be facilitated as young children develop related exploration skills, such as problem solving, asking questions, reflecting and becoming familiar with the use of creative and expressive media. Cybersafety education for young children is best integrated into daily practices. Educators can model safe and responsible behaviour by: Asking children if its okay to take their photograph Being seen to be using passwords when accessing computers Demonstrating effective searching by discussing key words before using search engines Exhibiting discretion when viewing search results Using nicknames when entering details into websites which require users to log on Seeking help if they are having difficulty using the ICT Showing consideration for others when communicating online Thinking carefully about how they present themselves on online Demonstrating calm and appropriate responses to incidents which may occur.
One of the risks for young children is that their apparent skill in using ICT may be misinterpreted by adults to mean they have the skills to react appropriately to every circumstance. Modelling how to react to cybersafety incidents is as relevant for the wellbeing of young children in todays always online environment, as teaching them how to react to other risky situations.
Children should be taught to trust their instincts. If something happens while online which makes them feel weird, creepy, or just doesnt feel right, children should know to seek help from a trusted adult. The Hectors World Safety Button is a tool which can help teach young children this strategy.
NetSafe ECE Kit
27
2003-2008 Hector's World Limited under licence. All rights reserved. Co-created by Inkspot Digital Limited.
The Hectors World Safety Button is a small animated graphic of Hector or one of his friends which swims on the screen. Clicking on the character covers the screen entirely with a friendly image that congratulates the child for being responsible and tells them to go and find an adult to help with the situation. The software is free and can be downloaded from www.hectorsworld.com. The website contains sections for parents, teachers and educators and aims to help educate young children about cybersafety through animations, puzzles, games and other fun and informative activities. You can also display a colourful Connect with Hector poster (available in English or Te Reo M aori) near the computer to remind children about keeping safe online. These posters are available at no cost from NetSafe.
Key Actions
/ / /
Date
/ / /
Initial
1. Set aside time in a team meeting to discuss the model behaviours bulleted above and other ways to model safe and responsible use of the services ICT. 2. Download and install the Hectors World Safety Button on service computers, visit www.hectorsworld.com and display the poster. 3. View the NetSafe Cybercitizenship Pathway online and list some ideas you have to introduce cybercitizenship education in your service.
Section 2.7
Responding to Incidents
Provide a first stop for incident response
Even with a comprehensive cybersafety programme in place, incidents may still occur. Cybersafety measures reduce risk, but do not remove it altogether. In the event of a serious cybersafety incident occurring, a service which demonstrates it has done all that could reasonably be expected i.e. followed best practice, is more likely to come through with both its reputation and the safety of its children, staff and families intact. The response taken will differ in each situation and it is important that a service is seen to respond appropriately.
NetSafe ECE Kit
28
Minor incidents, such as accidental viewing of inappropriate material by staff members may be dealt with initially by the individual concerned and in accordance with the services cybersafety policy. More serious incidents such as those involving harassment or illegal material, particularly in the presence of children, will require a more comprehensive response. It is very important that all incidents and the responses taken are logged using an ICT Incident Log or other similar system. A hazards register may be used providing it meets certain criteria. The most important criteria for an ICT Incident Log are: Pages cannot be removed easily without some evidence of tampering Entries are handwritten and continuous without blank spaces between them.
See Appendix E for an example template of an incident log. Following most incidents, an evaluation by the cybersafety team and involving management, should take place to determine how well the incident was dealt with. Other factors that may need to be considered are whether support is required for anyone involved and whether an audit of the services ICT needs to take place. A forensic audit involves an expert technician analysing a given piece of ICT. Using specialised tools, the technician will be able to provide a detailed account of how a computer or other device has been accessed and used, including who was logged on and what activities they engaged in. Due to the way in which most ICT stores data, this information can potentially be recovered even after it has been deleted. NetSafe can advise services who may be considering this course of action.
NetSafe has considerable experience in assisting organisations responding to cybersafety incidents. ECE services are encouraged to call NetSafe toll free on 0508 NETSAFE (638 723) for independent and confidential advice in such circumstances.
NetSafe ECE Incident Response Flowchart

NetSafe has produced the NetSafe ECE Incident Response Flowchart to assist services responding to various cybersafety incidents, particularly where inappropriate material or activity is concerned. The flowchart is designed as a thinking tool to guide responses rather than act as a strict procedure. See Appendix B for a copy of the NetSafe ECE Incident Response Flowchart. The professional learning module Cybersafety Policies, Procedures and Community Education, contains exercises in which participants work through a range of cybersafety incident scenarios using the flowchart.
Key Actions
/ / / / 1. Set up an ICT Incident Log and inform staff. 2. Create a quick reference list of contacts for use when dealing with cybersafety incidents. This list could include relevant management personnel, insurers, local police, technical support, NetSafe, NZEI, umbrella organisations etc. 3. Keep a copy of the NetSafe ECE Incident Response Flowchart in a handy location and inform teachers and educators of its whereabouts and purpose.
/
Date
/
Initial
Section 2.8
Objectionable and Restricted Material

Provide a level of understanding of the terms objectionable, restricted and inappropriate
Objectionable material
The term objectionable is used to describe material under the Films, Videos and Publication Classification Act 1993 that: describes, depicts or expresses, or otherwise deals with matters such as sex, horror, crime, cruelty or violence in such a manner that the availability of the publication is likely to be injurious to the public good.
All objectionable material is banned and it is an offence to make, copy, possess, supply, advertise, exhibit or make available to another person (of any age) such material. The penalty for knowingly being in possession of objectionable material is either a term of imprisonment not exceeding five years, or a fine of up to $50,000. The penalty for knowingly distributing or making objectionable material is a term of imprisonment of up to 10 years. The definition of objectionable does not specifically describe content, so it can be difficult to know whether material which appears borderline is actually objectionable or not. In all cases, it is best to err on the side of caution, assuming that such material could be objectionable until it has been assessed by the Department of Internal Affairs (DIA) or classified by the Office of Film and Literature Classification (OFLC). Material which promotes sexual exploitation of children or exploits the nudity of children is objectionable. So is material that promotes or supports sexual violence, bestiality, necrophilia, torture and other serious crimes.
NetSafe ECE Kit
29
Restricted material
Some material may be given a restricted classification by the OFLC, such as an R18 film or computer game. Restricted material must not be supplied or displayed to people under the age specified on the packaging. Any individual, including a cinema, store or parent, found to have supplied or exhibited restricted material to a person under the specified age can face a fine of up to $10,000 or a prison term of up to three months. A large number of computer games have restricted classifications, often due to the violent or sexual nature of the game. Unfortunately, many young children are likely to be exposed to such material on a daily basis and without supervision. A person under the specified age, who views or plays a restricted film or video game, is not breaking the law by doing so. It is the individual (or organisation) who supplied the material to that person who may be prosecuted. The same laws and penalties apply to anyone showing or supplying unclassified material which would be restricted if it were classified. It is a crime to show or supply legal adult pornography to a person under the age of 18, even if it has not been classified. Whether it is illegal material or not, viewing, accessing, or possessing pornographic material at a service or using the services ICT is a risk to a teachers registration. The current Teachers Council (Making Reports and Complaints) Rules 2004 lists this as criteria for serious misconduct for those engaged in education.
Inappropriate
The level of inappropriateness of material is largely governed by society and by the values and beliefs of the community which the ECE service serves. All objectionable and restricted material (due to the age of children the service caters for) will be inappropriate in an ECE setting. However not all material considered inappropriate will necessarily be illegal. Professionalism and experience will play a large part when assessing the appropriateness of material. Sufficient time and consideration should be given in making such assessments. The fact that the material may be digital rather than in print form, does not make the implications of it being present in the ECE environment any less serious.
Further information and advice

The Films, Videos and Publication Classification Act 1993 contains further information regarding the classification of material. For more information on what is restricted, objectionable or inappropriate see the OFLC website www.censorship.govt.nz. For information on offences and enforcing the law see the DIA website www.censorship.dia.govt.nz. Services are encouraged to call toll free 0508 NETSAFE (638 723) for confidential advice when responding to incidents relating to any material mentioned above.
Key Actions
/
Date
/
Initial
1. Visit www.censorship.dia.govt.nz and bookmark the site.
NetSafe ECE Kit
30
>
Appendices
A: Useful URLS
www.netsafe.org.nz
The website of NetSafe
www.hectorsworld.com
Hector's WorldTM
NetSafe ECE Kit
31
www.minedu.govt.nz
Ministry of Education
www.teacherscouncil.govt.nz
The New Zealand Teachers Council
www.nzei.org.nz
NZEI Te Riu Roa
www.police.govt.nz/service/yes/
Police Youth Education Service
www.ccip.govt.nz/
Centre for Critical Infrastructure Protection a government web page relating to cybersafety issues.
www.censorship.dia.govt.nz
A whos who in censorship compliance and a wide range of useful links with information about the legality of material and how to make a complaint or express your concern.
www.microsoft.com/athome/security/
Microsoft home users security page
www.apple.com/macosx/features/security/
Apple security page
www.iwf.org.uk
Internet Watch Foundation a UK organisation dealing with the issue of online abuse.
www.ceop.govt.uk
Child Exploitation and Online Protection Centre includes information and advice for parents.
www.commonsensemedia.org
A website which reviews various media such as films, videos, computer games and websites and supplies advice on the appropriateness for children based on age.
NetSafe ECE Kit
Cybersafety incident/breach is discovered. Begin documenting each action taken in response. Generally an incident can be classified under one of the three categories below. KEY QUESTIONS
32
ILLEGAL or suspected of being so.
AGE-RESTRICTED Illegal to show, give or sell to a person under a certain age.
INAPPROPRIATE Not illegal, but inappropriate for an ECE environment.
How serious is the incident? What evidence do we have that an incident has occurred? Do we have the expertise to investigate? Who needs to be informed? What other policies and procedures may be relevant?
YES
Is the incident serious enough that management needs to be informed immediately?
NO
Isolate and secure the device (if it belongs to the service).
DO NOT COPY, PRINT or DISPLAY If no ownership issue, close down the device and physically secure it. Immediately inform management of the incident. It is recommended the service seeks legal advice urgently. (This advice could be regarding potential employment or ownership issues and on the reporting of the matter to the appropriate law enforcement agency.) Consider also contacting insurers. Report immediately to management. Isolate and secure device if it belongs to the service.
YES
Perform a preliminary investigation. Does new information necessitate an immediate report to management (in accordance with service policy)?
NO
B: NetSafe ECE Incident Response Flowchart
CONTACT ONE OR MORE:
FOR ILLEGAL IMAGES Dept of Internal Affairs (DIA) Censorship Unit Tel: 0800 257 887
Unless the incident is clearly minor, it is recommended the service seeks legal advice. (This advice could be regarding potential employment or ownership issues.) Consider also contacting insurers. Review media strategy. Call NetSafe for further advice. FOLLOW UP
Clean or sterilise with appropriate software. Log the incident.
FOR CRIMINAL THREATS/HARASSMENT, DRUGS, COPYRIGHT BREACHES (e.g. VIDEOS, MUSIC) OR OTHER CRIMINAL ACTIVITY If an emergency: dial 111 or contact Local Police Station EXAMINATION OF DEVICE May be in-house or outsourced. Could include forensic audit call NetSafe.
SUPPORT: Is support needed for any person involved? LOGGING: Has the incident been logged in the ICT Incident book or Hazard Register? AUDIT: If there has been a serious incident and a full audit has not been carried out as part of the investigation, it is good practice to have one arranged. NetSafe can advise on this process. EVALUATE: How useful was the documentation, e.g. Cybersafety Policy, Acceptable Use Agreements, other ICT documentation? Could the incident response process be improved? Was the reporting process adequate? Has this incident highlighted any further needs, e.g. training?
Tel: _________________________
IF EVIDENCE FOUND INDICATING THE IMPORTATION OF ILLEGAL ITEMS Customs Service Tel: 0800 428 786
HELP REGARDING THE CORRECT CONTACT NetSafe Tel: 0508 638 723
Incident resolution by management processes.
This flowchart is designed as a thinking tool to guide responses to cybersafety incidents. Specific advice should be obtained in each circumstance.
C: Sample Parental Consent Form to Publish Childrens Work or Photographs Online

This is a sample consent form which ECE services may wish to adapt or add to a current enrolment form where other permissions are sought. In the interests of informed consent, particular mention is made of the internet being a global information system. This is designed to raise awareness among parents that information posted online about their child may be viewable globally.
To the Parent/Legal Guardian/Caregiver Please read this page carefully as it includes information about safety and security issues associated with privacy Indicate your preference with regards to the sharing of your childs personal information Complete and sign the remainder of the form Return this form to the centre (A copy will be returned to you for your records.)
NetSafe ECE Kit
33
You are welcome to contact the headteacher/manager/supervisor at any time to discuss this Privacy Agreement.
[EVERY CENTRE] is a community based service and in the interest of safety and security requires parent permission for the publishing of childrens names or photographs on our centre website and in our newsletters (which are handed/posted out only). We believe it is important to celebrate childrens achievement, but are aware of the potential risks when such personal information or material is published on a global information system such as the internet. We will share, if given permission, no more than a childs first name and/or photograph via the newsletter, or the wider, online community via the services website. Please indicate your wishes by ticking the relevant box: I am happy for my childs first name and/or photograph to appear in the centre newsletter or on the centre website. I do not give permission for my childs first name or photograph to appear in the centre newsletter or on the centre website. Childs Name: My Name: Parent / Legal Guardian / Caregiver (please circle which term is applicable) Signature: Date:
D: Sample Letter of Invitation to Parents ICT Evening

This is a sample letter which ECE services may wish to adapt for their own use. A PowerPoint template covering cybersafety, which can be adapted and shown to those attending the event, is available from www.netsafe.org.nz.
To the Parent/Legal Guardian/Caregiver
SPECIAL EVENT
NetSafe ECE Kit
34
ICT Information Evening Wednesday 1 January 7:00 pm 8:00 pm [EVERYCENTRE]

At [EVERYCENTRE] ICT (information and communication technology) is used in many ways to enhance childrens learning. For example, you may have noticed that we have a computer in the childrens learning space and that digital photography is used in the production of the childrens learning stories. We are currently in the process of developing/reviewing our polices regarding the use of ICT in our service. As part of our commitment to community consultation, we would like to invite you to a special evening where we will share with you some of the ways your child is using ICT and also give you an opportunity to contribute to the formation of our new cybersafety policy. The safe and responsible use of ICT is important to us at [EVERYCENTRE]. Please take some time to read the pamphlet First Steps to Cybersafety we have included with this letter. It explains what cybersafety is and why it is relevant to young children and their families. Please let us know in advance if you would like to attend this event: Yes, I would like to attend number attending ________ No, I cannot make it this time Name: Signature: Date:
E: Sample ICT Incident Log

Recommendations: Use a lined notebook (not ring bound) ICT co-ordinator, Cybersafety Manager or senior staff member makes entries Handwrite entries Do not leave gaps Do not remove pages Entries should be adjacent Logbook should be kept in a secure place Logbook should be brought to each cybersafety team meeting for review.
NetSafe ECE Kit
35
DATE
TIME
LOGGED BY
INCIDENT NOTES
28/2/07
2:15pm
Joe Smith
Parent (named) informed me that while looking for information about bees, had clicked on a hyperlink on search engine website that had opened another site with adult popups (www.xxxxxxxxx.com). Cleaned cache on local machine, added website to banned list on filter software. Spoke to parent regarding the need to be careful when using search engines.
F: Cybersafety Checklist for ECE Services

The following table lists the main tasks related to implementing and maintaining a cybersafe learning environment. Column two can be dated when the task is complete. This checklist could be used for review purposes. Tasks do not necessarily need to be completed in the order they appear.
TASK Identify support network within and beyond the service Review/implement cybersafety policy making use of NetSafe template and guidance from umbrella organisation if applicable Review/implement cybersafety use agreements making use of NetSafe templates and guidance from umbrella organisation if applicable Set up a template or system to document ICT at the ECE service Discuss with service teachers and educators strategies for building cybersafety into curriculum delivery Display or make available NetSafe resources (e.g. posters and pamphlets) Run parent information evening about ICT and cybersafety Organise for key cybersafety team members to attend NetSafe training modules Audit service network/equipment Budget for: Electronic security systems (e.g. firewalls, anti-virus) Professional development Review services website for cybersafety issues (e.g. surnames of children) Display good practice guidelines near equipment Organise physical security of ICT equipment/devices Develop system for filing records of use agreement signatories Install/regularly update: Anti-virus software Anti-spam software Anti-spyware software Firewall Filtering software Set up individual user accounts for teachers and educators with appropriate levels of access Organise a backup system Set up incident book Refer to ICT list and remove unauthorised software from computers Add further tasks relevant to individual requirements:
COMPLETED
NetSafe ECE Kit
36
G: Glossary of Terms
Acceptable Use Agreement A document which informs users of their obligations as related to the cybersafety policy. Acceptable use agreements should be individually signed, with the original kept on file and a copy returned to the user. Adware Adware is software that may have been installed on your computer by a remote site. Many free utilities you download from the Internet will install hidden software that sends details of the websites you visit and other information from your computer (which can include your email address) to advertisers, so they can target you with popup ads and spam. Application An application is a computer program used to accomplish specific tasks not contained in the computers operating system (for example, word processors, spreadsheets, and graphics programs). Backup Copying data to another medium (such as a CD or tape drive) so that it may be retrieved if there is a problem with the original copy. The best backups are performed by those who have lost data previously. Bandwidth The amount of data that can be transferred during a given timeframe. Bandwidth theft describes the act of using a network to access the internet without authorisation. Banner advertisement A banner advertisement is an advertisement on a website placed above, below, or on the side of the sites main content and linked to the advertisers own website. Blacklist A blacklist is a list of websites or terms which have been identified as inappropriate by a filter. (See also whitelist) Browser A browser is a software application used to locate and display web pages. The two most popular web browsers are Firefox and Microsoft Internet Explorer. Most browsers can present multimedia information, including sound and video, though they may require plug-ins for some formats (for example, Java and Flash). Cache Every visited webpage and most of its content, including text and graphics, is stored by the computer in an area called the cache. This enables the page to be displayed faster if the user returns to the page later. The cache can be emptied, but the information remains on the hard drive until it is wiped. Compromised A computer that has been infected by malware or is under the control of an unauthorised user is considered to be compromised. Cybercitizen A cybercitizen is a person who manages their use of ICT with integrity and confidence. Cybersafety Safe and responsible use of ICT. Cybersafety manager The person responsible for running the cybersafety programme. A cybersafety manager should have senior level experience. Cybersafety policy A policy designed to describe the cybersafety programme, ways in which ICT equipment may be used, and to provide guidelines in the event of a cybersafety incident. Cybersafety programme A programme of initiatives designed to promote cybersafety within the ECE service and consisting of appropriate policies, use agreements and procedures, an effective electronic security system and a comprehensive cybersafety education programme for the ECE services community.
NetSafe ECE Kit
37
DIA Department of Internal Affairs Domain name Domain names are used in Universal Resource Locators (URLs) to identify particular web pages or sites located on the Internet. For example, the domain name netsafe.org.nz represents the website for the Internet Safety Group (ISG). Filter A filter blocks or allows access to websites. The decision is usually based upon criteria such as content (sex, drug abuse, gambling) and often relies on the website being known to the filter and recorded in a blacklist.
NetSafe ECE Kit
38
Firewall A firewall is an electronic boundary (or a physical piece of hardware) that prevents unauthorised users and packets of data or information (such as files and programs) from accessing a protected system. Forensic audit A forensic audit is an audit of computer systems by a forensic specialist. A forensic auditor will uncover extremely detailed information about how a computer system has been used, and can be invaluable during the investigation of a serious cybersafety incident. Encryption Encryption is a method of scrambling data so that it cannot be read without knowing the password or key to unscramble it. Sensitive data stored on laptops or backup media removed from the service should be encrypted. Hard drive The device within most computers which is used to store all of the data and programs available. Hacker Hacker is a term used to describe a person with a high level of interest and skill with ICT who has a desire to learn as much as possible about a system. In the context of cybersafety a hacker is a person who seeks to gain unauthorised access to computers and networks. Harassment Unwelcome behaviour directed at another person. Refer to The Harassment Act 1997 for a legal definition. ICT Information and communication technology. ICT incident log An ICT incident log is a handwritten log of cybersafety incidents that can be useful in follow up investigations or when reporting to management. Internet Service Provider (ISP) An ISP is an entity that provides commercial access to the Internet. For example, Xtra, TelstraClear and iHug. ISPs may also provide web hosting and other services. IP address An IP address is a unique numerical identifier for a computer or device on the internet (and other types of networks). Intranet An intranet is a private, internal network that provides access to files, applications and services, without the need to go out onto the Internet. Licence When a piece of software is purchased, the owner owns a licence to use the software, not the actual software itself. Services should ensure they are the legal owners of a licence to run any software used by the service. Licences can sometimes be bought in packs which contain one disc, but a licence which allows the software to be installed on five or more computers. Details of licences should be kept as part of the network documentation. Malware Malicious software. A generic term for software which is designed to circumvent security and possibly cause harm. See spyware, virus and worm.
Net Basics The Net Basics is the commonly accepted minimum standard of electronic security required for safe online computing; a regularly updated operating system, regularly updated anti-virus and anti spyware software, and a firewall. Network A network is a group of computers connected to each other to share computer software, data, communications, and peripheral devices like printers. Commonly, a network is considered to include the hardware and software needed to connect the computers together. NZEI The New Zealand Educational Institute Te Riu Roa (NZEI) is New Zealand's largest education union. As a union and professional institute, it includes teachers and support staff working in primary, area and secondary schools and early childhood centres, Specialist Education Services and Colleges of Education. Objectionable material Material that is considered under the Films, Videos and Publication Classification Act 1993 to be injurious to the public good if made available. See the section titled Objectionable and Restricted Material for a fuller explanation. OFLC Office of Film and Literature Classification Operating system The operating system (OS) of a computer contains the electronic instructions that control the computer and run the programs, e.g. Windows XP, Vista, Unix, Linux, and Mac OS X. Packet A packet is a message fragment containing data or information. When messages are sent on the Internet, they are broken into smaller, more easily transportable pieces called packets. Each packet consists of a header and a piece of the message. A single email message may actually be broken into a half-dozen different packets. Password A piece of information known only to authorised users which is used to authenticate (prove their identity) to a computer system. Passwords should be kept confidential and not shared. Peer-to-Peer network (P2P) P2P is a network where computers communicate directly with each other rather than relying on a server to control the network. P2P programs are often used to exchange files, sometimes illegally i.e. in breach of copyright. For example many people download music from the internet using P2P programs without paying for the song. Using P2P is risky as the files downloaded or even the P2P programs themselves often contain malware. Plug-ins Plug-ins are software pieces that add a specific feature or service to a larger system. For example, in order to view a PDF file, the Adobe Acrobat Reader plug-in is required. Pop-up advertisements These are advertisements that appear in a separate browser window while a website is being viewed. Restricted Material Classified by the OFLC as being unsuitable for persons under a given age. It is illegal to supply or display such material to persons under that age. Router A piece of hardware that redirects electronic traffic around a network. Broadband routers sit between a network and the internet, sending and receiving data. Routers usually contain a built-in firewall, and can be either wireless, or wired (connected to other computers via cables). The typical flow of incoming data from the internet on a small network is Internet then router then server then other computers on the network.
NetSafe ECE Kit
39
Spam In New Zealand, spam is defined under the Unsolicited Electronic Messages Act 2007. Spam is electronic, unsolicited, commercial mail. Some people define spam even more generally as being any unsolicited or junk email. In addition to being a nuisance, spam also takes up considerable network bandwidth. Spyware Spyware is software that gathers information about people or organisations without their knowledge to relay to advertisers or other interested parties. Typically it profiles a users web habits for marketing purposes. A computer can get infected by spyware if the user installs any of several hundred shareware programs. Most of these programs earn revenue by including the monitoring software in their distribution, and the makers will offer their programs free to the user. Anti-spyware software can clean spyware from computers and protect against re-infection. Temporary (temp) files Temporary files are created by applications such as Microsoft Word while a document is being created. These generally are erased when the document is saved or closed. However, in some cases a temporary file remains (generally with the file extension .tmp). Temporary Internet Files are files that have been collected while visiting Internet sites and these are usually stored (cached) on the local computer in the Temporary Internet Files directory. Universal Resource Locator (URL) A World Wide Web address composed of several parts indicating the protocol, the server where the resource (such as a web page) resides, and possibly the path, and the file name of the resource. An example of a URL is http://www.netsafe.org.nz, which is the Internet Safety Group URL. User account The relationship between a computer or network and a user. The user account defines such things as access to email accounts or sensitive data. User accounts can also be used to customise how a computer interface (desktop) appears when a user logs on. User accounts can be set up on individual computers, but where there is a network they should be set up on the server if present. Each adult user at an ECE service should have a unique user account. Username The name of an individuals user account. The username is used to identify an individual to the computer. Often a users first name and initial, or first initial and surname are used. A person needs a username and password to log on. Virus A small program that infects other software with the aim of reproducing. Many viruses are designed to cause problems such as deleting data or crashing computers. Some are designed to display messages, or send spam to other computers. Anti-virus software can clean viruses from computers and protect against re-infection. VoIP A method of using a computer network (or the internet) to make telephone calls. The main benefit is that the calls are usually much cheaper than using a telephone company. Whitelist A list of websites or terms which have been identified as appropriate and will not be filtered. Wipe Documents and other data remain on the hard drive (or other storage such as a USB stick or tape) even after they have been deleted. Wiping is the term used to describe the running of a piece of specialist software which overwrites the data at least seven times to ensure it can never be retrieved. Wireless network A network of computers linked together using radio waves rather than cables. Worm Malware which can spread by copying itself from one computer to another.
NetSafe ECE Kit
40
About NetSafe
NetSafe is the Ministry of Educations strategic partner for cybersafety education in New Zealand. This NetSafe Kit for ECE is designed to help services educate their ECE community about the safe use of Cyberspace and establish the infrastructure needed to provide a cybersafe learning environment in early childhood education. NetSafe is an independent non-profit organisation whose members are made up of: NZ Police; Police Youth Education; Judiciary; Departments of Internal Affairs and Customs; Ministry of Education; Business; Community Organisations; Educators; Parents; and Students.
www.netsafe.org.nz
NetSafe is proud to be supported by:

NetSafe Kit For ECE

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

NetSafe Kit For ECE

Uploaded by

Copyright:

Available Formats

NetSafe Kit for ECE

Welcome to the NetSafe Kit for ECE Services

NetSafe ECE Kit

Section 1 1.1 1.2 1.3

NetSafe ECE Kit

NetSafe ECE Kit

NetSafe ECE Kit

1. Make a list of all the ICT used by your ECE service.

What is at Risk for ECE Services?

NetSafe ECE Kit

Legal and Regulatory Requirements for Cybersafety

NetSafe ECE Kit

protect the confidentiality of information

NetSafe ECE Kit

Te Wh ariki and Foundations for Discovery

NetSafe ECE Kit

Foundations for Discovery

The range of issues referred to in the framework include:

NetSafe ECE Kit

Who will Manage Cybersafety at an ECE Service?

NetSafe ECE Kit

The Cybersafety Team

The Cybersafety Manager

Three Sides to Cybersafety

NetSafe ECE Kit

Policies and Procedures

NetSafe ECE Kit

Acceptable Use Agreements

NetSafe ECE Kit

NetSafe ECE Kit

The Net Basics

Together, NetSafe calls these components the Net Basics.

Regularly updated operating system

NetSafe ECE Kit

NetSafe ECE Kit

Dont forget the laptops

Additional Electronic Security Measures

Use strong passwords

NetSafe ECE Kit

Create user accounts

Backup, backup, backup

NetSafe ECE Kit

Consider content filtering

Use Safe Search options

Junk mail (spam) filters

NetSafe ECE Kit

Enable wireless security

Use monitoring and reporting software

Make ICT a regular item in the budget

Standardise hardware and software as much as possible

NetSafe ECE Kit

Keep software to a minimum

Documentation is essential and can save both time and money

NetSafe ECE Kit

ADSL Modem Make/Model

Wireless Router Make/Model

An example of how a service may begin to visually document its ICT

NetSafe ECE Kit

Get support from a qualified professional

Disposing of old hardware

NetSafe ECE Kit

Education for the ECE Community

NetSafe ECE Kit