Wired for engagement – the Schoolwires blog

Building a security shield: How to protect K-12 student data

Posted by Hope Salisbury on 12/2/14 9:00 AM


Guest Blogger: Hope Salisbury, Marketing Coordinator, Schoolwires

No longer does school security just involve locks on doors and the occasional security camera. The Web offers an entirely new landscape for security breaches. Increased online security measures must be put in place to secure private K-12 student information because danger lurks around every Web page and in every code snippet.

In this four-part blog series, we will discuss several of the hot topics related to security, privacy, and student data, starting with hacking.

Many K-12 school districts interpret hackers as distant threats that exist in the dark depths of the internet with targets much larger than K-12 district websites. And just because district websites don’t house financial information doesn’t mean they don’t have targets on their backs. District sites house a repository of private student data – and acquiring personal information is one of the main motivators for hackers.

So, what are hackers’ preferred methods and how do you safeguard against them? The consensus across top security reports, including Trustwave and White Hat, list insecure passwords, SQL injection, and cross site scripting as three popular methods of intrusion.

Insecure Passwords

  • Problem: 90% of user-generated passwords are vulnerable to hacking according to Deloitte, a global consulting firm.
  • Solution: Single sign-on accounts encourage users to create longer and stronger passwords because users only need one to access multiple accounts. Setting mandatory rules for passwords to be eight to ten characters in length with a combination of letters, numbers, and symbols drastically decreases the chance of being hacked.

SQL Injection

  • Problem: Improper coding can leave the door open for hackers to inject SQL (structured query language) code into your website through web forms and login fields to gain access to the database behind the site.
  • Solution: In addition to running monthly vulnerability checks, conduct a thorough investigation into your website coding to eliminate all SQL vulnerabilities and to make sure best practices were used during site creation. Always check that the person or provider managing your website code is knowledgeable about how to safeguard against this intrusion method.

Cross Site Scripting

  • Problem: Hackers turn website users into victims by sending them malicious content through vulnerabilities in the code of a Web application; thus taking over their browser or account.
  • Solution: Use a website platform that can catch malicious code before it can even be put on the site, as well as filters to catch any code that slips through. Closed source programs, like Centricity2, add an extra layer of protection by shielding outside parties from seeing how the website code is written.

These three intrusion methods are only a few of the countless ways hackers can gain access to your K-12 websites and your visitors. Bottom line is, you need to have a professional creating and maintaining the back end of your website. Security is one of the many reasons K-12 districts choose Schoolwires as their provider. Check out the other top reasons here.

Topics: K-12 Student Data, Website Hacking, Privacy, Security Breaches

Subscribe to email updates

Posts by topic

see all