Make Photos Part of your School’s Cyber Safety Strategy in 2025

As the year comes to a close, I wanted to share my insights on what I discovered travelling schools around the world talking about child photo safety.

You may not be aware, but the Education sector has been the most targeted industry globally this year for cyber-attacks (source: Check point Research, August 2024).

In the UK alone, 52 percent of primary schools, and 71 percent of secondary schools, identified a breach or attack in the past year. In Australia, private wealthy schools in particular are increasingly becoming targets by cyber criminals using ransomware. It is not surprising with the amount of personal data schools hold, including photos.

Data breaches globally continue to be on the rise, with studies revealing that over 20% of reported incidents involve some form of visual data, often stemming from human error. This underscores the critical need for schools to implement strong protection measures for handling photos and other kinds of media featuring children.

This year, I’ve travelled the globe to gain deeper insights into the evolving threats schools face in media security and safety, while examining the impact of emerging technologies and regulatory changes. During my travels, there were still many schools teetering on the question of whether to invest in a media management system to improve overall efficiencies, or (because of constrained budgets or some other factor) wait until “something bad happens”… yes I know, that really shouldn’t be an option, but I am still hearing it, sadly.

Let’s face it, schools are dealing with large volumes of digital photos and the use of manual processing to work out which photo can be used and which cannot has now become impractical, time consuming and error prone. We know on average school’s capture and store around 50,000 media files each year, and that number is growing. From graduation portraits to event snapshots, year-on-year these images tell the story of the school and the lives of its students. As valuable as these photos are, they also come with significant cybersecurity and privacy challenges that schools can no longer afford to overlook.

All schools understand that they need to do a better job in protecting students’ images, but for many it continues to be an action that stays on the backburner until “something bad happens”. Unfortunately, any school who is still manually managing consent on digital photos has a broken, inefficient and negligent system in place that is ripe for attack, or for “something bad to happen”.

Photos must be Part of the Bigger Cybersecurity Picture (no pun intended!!)

While many schools focus on securing records, emails, and networks, photos are often overlooked. However, photos require equal, if not more, attention because:

• They can contain sensitive information
• They are frequently shared across platforms, both private and public, increasing the risk of exposure
• They are stored in large volumes, making them a prime target for breaches
• They are easily misused if accessed without proper controls

Using a media management platform as part of a school’s cybersecurity strategy provides several critical benefits, particularly in safeguarding sensitive student and staff information.

5 Easy steps in protecting school photos

1. Make sure you use an ISO certified system. A supplier that is ISO27001 certified ensures the school can meet the highest standards in data security when processing media. Not all certifications are created equal – schools must distinguish between suppliers with globally recognised standards versus ones with less rigorous badges that have been provided by local firms whose validity and independence could be questioned.
2. Implement Robust Access Controls: Ensure only authorised staff can upload, view, or share images. Find a system that gives you the flexibility to implement a robust access and permission strategy.
3. Ensure Encryption Standards are Adopted: Photos should be encrypted both in transit and at rest to prevent unauthorised access.
4. Adopt Consent Management at Scale: Always obtain clear parental or guardian consent for taking and sharing student photos externally to meet their consent wishes. Maintain records of this consent to ensure compliance. To ensure your consent management process is highly effective and efficient, leverage AI-driven compliance technology for immediate consent application at scale.
5. Educate Staff and Students: While rolling out the new system you are training and educating your staff in best practice media management and assisting them to recognise the importance of photo consent and security. You can also ensure students understand how their images are being protected and used.

When choosing a platform, it is very important that schools use a highly trusted bespoke system that is fit-for-purpose and does exactly what it states in the contract. Ask these questions:

1. What security certifications does the supplier hold?
2. Are these certifications issued by globally recognised and independent organisations? If not, how does the vendor’s certification compare to international standards like ISO?
3. Can the vendor demonstrate a commitment to ongoing compliance and improvement (as is required to be ISO certified)?

pixevety is now ISO-certified!

This year, pixevety reached several milestones, including becoming an award-winning Privacy-by-Design platform and achieving ISO27001 certification and UK-GDPR compliance, underscoring our unwavering commitment to safeguarding your data. We also continued to enhance our platform, helping schools to streamline their media administration while fostering private, secure community engagement.

Although I was overseas and unable to attend the award ceremony, our Sydney team represented us brilliantly and enjoyed a fantastic evening at the annual @CyberCX event. Also, a shout out to @Nicole Stephensen who also could not join us – we are always grateful for Nicole getting us started on the PbD path over 8 years ago. Simply unheard of back then!!

As a technology company uniquely designed to support school media administration compliance and promote private community engagement, we are at the forefront of transformative change. From revolutionising how schools manage media to reshaping societal perspectives on the use of school media, and adapting to increasingly stringent data protection regulations, we are driving innovation in an ever-evolving landscape.

I want to express my heartfelt gratitude to all our incredible clients and supporters for their unwavering commitment to child photo privacy. A special thanks also goes to our amazing pixevety team, whose dedication and hard work make pixevety what it is today – a successful Australian media management company protecting hundreds of schools and their communities worldwide!

Merry Christmas and a Happy 2025

Colin