Imagine your school as a family home. To protect your loved ones and your most valuable possessions, you likely invest in perimeter defences such as sturdy locks, window latches, and perhaps even CCTV or electric gates. Inside the house, you might have movement sensors to alert you if someone has breached the exterior, and for your most precious items, you use a safe with a complex combination.

In the digital world, schools often make the mistake of thinking their firewalls and antivirus software, their digital locks, are enough. However, as renowned educator Mark Steed shared during our recent leadership seminar in Dubai, digital protection requires a much more comprehensive, leadership-driven strategy. At the event, Steed drew on his harrowing experience of a 2020 ransomware attack to explain why school leaders can no longer delegate technology risks to the IT department alone.

AI is a leadership issue

One of the most pressing topics Steed addressed was the rapid rise of Generative AI. While many see AI as a classroom tool, Steed argued that AI is a leadership issue. The primary concern for a headteacher or governor isn't just how a student uses ChatGPT, but how the school manages the governance and data protection surrounding these tools.

Steed pointed out that as soon as a staff member inputs a student's name and attainment levels into a public large language model, the school is likely in breach of data protection regulations, including GDPR and local frameworks like those from the KHDA. Leaders must be the ones to set the rules, mandating that AI is used only within closed and safe environments, such as a school-managed Workspace for Education, rather than personal accounts that "let data out" into the public domain. Without a clear digital policy signed off at the board level, a school is essentially leaving its digital front door wide open.

The trap of "easy cheating"

When discussing AI in the curriculum, Steed introduced the concept of "easy cheating". He shared an anecdote of how he once used AI to draft a deliberately "boring" article on security policies just to test the tool’s capabilities. While the AI provided the text, Steed emphasised that the value came from personalising and authenticating the content with his own examples and taking responsibility by putting his name to it.

For schools, the leadership challenge is to move students and staff away from simply "outsourcing" their thinking to a machine. Steed suggested that schools may need to return to techniques like the Viva Voce, where students are interrogated on their work to ensure they can talk coherently and explain the concepts they claim to have written. 

Authentication of work must become a central pillar of a school's digital strategy, ensuring that AI remains a tool for enhancement rather than a replacement for genuine learning.

Cyber security: A board-level crisis

Moving from AI to cyber security, Steed shared a sobering reality: when a ransom note appears on a computer screen, it is a board-level crisis, not an IT problem. Recounting an attack by Russian hackers that took out his school’s finance and HR departments, he noted that the decision of whether to pay a US$500,000 ransom in Bitcoin is far above an IT manager's pay grade.

Schools have become top targets for cybercriminals because they hold incredibly sensitive data on high-profile families, including members of Royal Families and the Ministry of Defence. Steed identified four critical risks that boards must manage: 

• Operational (the inability to teach), 
• Financial (the cost of rebuilding, which can exceed £500,000), 
• Reputational (loss of community trust), and 
• Legal (prosecution for data failure).

He warned that hackers often exploit "forgotten" vulnerabilities, such as an old admin account with full privileges that hasn't been used in a decade but still exists on the network.

Moving to the cloud does not solve everything

A common myth in education is that migrating systems to Microsoft or Google eliminates cyber risk. However, Steed was quick to remind the audience that moving to the cloud does not solve everything; in fact, "the cloud is just someone else’s computer".

Using a bank analogy, Steed explained that while a bank (the cloud provider) has better physical security than your home, you are still responsible for your identity and credentials. If you lose your bank account number or your "keys" to the safe deposit box, the security of the bank cannot protect you. Schools must still manage their own user access, implement two-factor authentication (MFA), and ensure that their staff are trained not to hand over the "keys" to hackers via phishing scams.

How 9ine makes implementation easy

Recognising that these leadership challenges can feel overwhelming, 9ine provides the products and services necessary to turn Steed’s insights into actionable school policies. We act as an extension of your leadership team to ensure your school is not just "compliant" but truly resilient. Popular solutions include: 

• Academy LMS (AI Pathway): To address AI governance, our Academy LMS offers an AI Pathway with over 20 courses across four levels. This allows schools to train every staff member on ethical AI use, safeguarding, and privacy, building the "competence and confidence" Steed advocated for.
• Cyber Security Testing: Just as you would hire someone to check your home's security, 9ine’s technical consultants perform penetration testing and vulnerability scanning. We simulate cyberattacks to find the "forgotten" accounts Steed mentioned, providing a high-level report with prioritised recommendations for the board.
• The 9ine Platform: Our Governance and Privacy modules make it easy to manage digital rules centrally. Schools can use these tools to ensure their policies on AI drafting and data use are reviewed and signed off at the board level, providing the "air cover" required for senior leaders.
• 9ine Protect: We help schools implement the technical "locks" Steed recommended, such as user privilege management and MFA, ensuring your digital perimeter is as secure as possible.

By combining Mark Steed’s leadership principles with 9ine’s robust technical and educational frameworks, schools can navigate the digital frontier with confidence, ensuring that their "digital house" is protected from the ground up.

Interested to learn more? Book time with our team to discuss how we can support your school to remain safe, secure, and compliant.