BYOD: Staying safe


With bring your own device firmly in fashion, Ed Macnair offers some tips for ensuring a safe and secure online working environment for students.


The use of tablets and laptops in the education sector is providing students with the flexibility to extend their learning outside of the classroom and alongside this, the introduction of bring your own device (BYOD) in schools is seen as a key learning development tool.

The implementation of BYOD requires a platform that can secure, unify and deliver content to various devices and operating systems. If schools are not set-up with a robust web and content-filtering solution that supports BYOD, it is possible for some tech-savvy students to find ways to bypass school web-filters, spreading the knowledge fast among peers. Here are seven steps to help keep on top of the problems.

Web security

IT departments must start by implementing a robust web and content-filtering solution to manage internet access both inside and outside the classroom. This web-filtering solution must support multiple mobile devices, isolating BYOD from the rest of the network via a VLAN (virtual local area network) or separate subnet. This ensures any malware on BYOD is kept away from internal servers and computers.

With pupils’ safety being key, the web-filter must enable education-friendly settings such as Google Safe Search. A good web-filter should enforce safe search on YouTube to allow students access to suitable content for educational purposes.

If the web-filter is unable to enforce safe search, IT staff need to consider standardising an education-friendly search engine instead.

Security synchronisation and alignment

It is important to ensure the firewall is working in harmony with the web-filter. In some cases, IT administrators fail to block direct web access via the firewall and rely simply on group policy or browser restrictions to enforce proxy use. It might be a simple mistake, but it could also create a window for a savvy student to bypass the block and find a direct route. Although, if the firewall is configured so that direct web access is only allowed via the user profile of the proxy, then this gap can be closed.


Regularly reviewing trend reports using a web-filtering product will often highlight sites that have slipped through the net. For example, if pupils are able to find a way to access an inappropriate site, generally, it will shoot to the top of the “top sites” trend report. To ensure web-filters are working effectively it is key not to “install and forget”, rather someone needs to own and monitor it regularly.


Online communication sites such as Skype and Facebook are notorious for bypassing filters if they can find a direct route out to the internet. For IT administrators to block access to these sites on BYOD requires the enforcement of strict rules. Although in some cases IT staff add a lazy rule, granting pupils access to far more sites than intended.

It is therefore important to establish specific bypass rules, rather than using the general rule book. To block access to Facebook involves adding or a path name, if it is a sub-section of a site that demands control. However, with a lot of sites now using SSL (https), sometimes blocking the standard URL does not mean the secure URL will be blocked as well. Schools should remember for example that applying the rule “” may not necessarily prevent access to “” as it is dependent on the filter. 

Implement the latest security policies

Implementing the latest security policies will greatly protect students. For example: restricting student access to communication sites such as Skype, while connected to the school network, can eliminate the likelihood of exposing students to offensive online material.

Leverage a URL reputation database to categorically block access to inappropriate sites such as adult content, games, gambling, social networking, hacking, anonymous proxies, drugs and self-harm to mention just a few categories. Stop proxy abuse by tech-savvy students who look to bypass a school’s security measures by researching anonymous proxies to access blocked or unauthorised sites via backdoor URLs

Limit web-browsing in class hours

To encourage productive and educational use of the internet, tutors should specify times when students are allowed to browse the internet in class to support their studies.

Educate staff

As BYOD gains momentum, pressure on IT departments and teaching staff will continue to mount. Ensuring that staff are educated on e-safety and the latest security policies, as well as raising awareness and understanding teachers’ personal liability in the event of breaches or incidents affecting students, all make for a safer online learning environment.

While educators are responsible for controlling wi-fi internet access for students, it is impossible to oversee pupils’ activity online when using their own mobile data connection. Parents need to take responsibility too and choose what they are allowing their children to access, as well as ensuring specialist web-filtering tools are installed on all devices – mobile and desktop.

  • Ed Macnair is the founder and CEO of CensorNet, a cloud security company.

 Photo: iStock


Please view our Terms and Conditions before leaving a comment.

Change the CAPTCHA codeSpeak the CAPTCHA code
Sign up SecEd Bulletin