How Educators Can Protect Students’ Data from Security Breaches

April 15, 2014 | 7 Comments

By Jessy Irwin

Every day, teachers are responsible for maintaining numerous logins, passwords, data, and other private information about their students. As chief technology officer of the modern classroom, an educator’s role becomes more complex (and potentially overwhelming) as more tablets, computers, and web tools are put in the hands of students. With so many tools, security and privacy are often an afterthought despite the increasing number of websites that fall victim to data breaches and security vulnerabilities each day.

Last week, researchers discovered Heartbleed, a massive security flaw in an encryption tool used to protect data across some of the most popular sites on the web. For almost two years, this hole in OpenSSL may have quietly left two-thirds of the web vulnerable to eavesdropping, leaking private data including logins, passwords, and other information stored in Web servers to anyone who might be listening. Given the enormous amounts of information entrusted to teachers about their students, colleagues, and their communities, here are a few important measures teachers can take to protect themselves from Heartbleed.

  • Don’t log in to a site or attempt to change your passwords unless you’re certain that a vulnerable site has been fixed. Though most major web companies have fixed the Heartbleed bug, it’s important to note that logging in and changing passwords on a site that is still vulnerable will leave you exposed to attack.

  • There are numerous resources that can help you determine whether a site is vulnerable or if it has been patched. If you use Google Apps for Education, Yahoo! Mail, Pinterest or Minecraft in your classroom and you haven’t changed your passwords in the last week, it’s safe to do so now. For Android users, this tool from mobile security firm Lookout will help identify whether your operating system is susceptible to Heartbleed. Alternately, there are many tools that can check encrypted sites for the bug here, here, and here.

  • Your online accounts are more likely to be compromised by a phishing attack that attempts to steal account credentials than by a hacker exploiting Heartbleed to steal data from servers. Because public awareness of Heartbleed is high, malicious hackers will do their best to make the most of this situation. For maximum security, educators should manually go to the sites they use when they want to log in and change passwords instead of clicking through links within an email.

  • If you’re using the same password for multiple accounts on the web, it is safest to assume all of the accounts using that password have been compromised. In the wake of major data breaches, criminals can and will employ tools that attempt to break into any online accounts they can. If you are one of many educators exercising this insecure habit, now is an excellent time to break it. Password managers like LastPass, 1Password and KeePass are valuable tools that can help educators generate, store, and audit passwords for all of their web accounts.

  • Heartbleed may be affecting your school or district network, too. Security engineers are beginning to discover that firewalls, switches, virtual private networks, servers and other important network hardware are also susceptible to the hole in OpenSSL. In some cases, the records of your current and former students stored in a student information system (SIS) are vulnerable, and sensitive information could be leaked without a trace to the rest of the web. District technology leaders, technology coordinators, and anyone maintaining databases full of student information should double check with hardware vendors to confirm whether their systems need patching.

Though technologists and engineers have patched many of the sites vulnerable to Heartbleed, it’s impossible to determine if sensitive user data may have leaked onto the web. While there is no such thing as being completely safe from hacking and data breaches on the web, there are many preventative measures that can be taken to protect sensitive data and online accounts. If there’s a lesson that can be taken away from Heartbleed, it’s this: there’s never a bad time to be proactive about online security.

Jessy Irwin is a privacy and security advocate who once integrated technology and social media into a class of 3,000 students.

  • http://www.intrinsicstrategy.com/ FrankCatalano

    I’d add that one of the most effective preventive measures to avoid unauthorized access to an account is to turn on two-factor (or two-step) authentication whenever it’s offered. It generally requires a password be accompanied by a unique numeric code texted to your mobile phone to “authorize” that specific web browser or app seeking access. If someone doesn’t have your mobile phone, even if they have your password, they can’t get in. Sites/services such as Facebook, Gmail, Twitter, Dropbox and others all offer two-step authentication. For individual accounts, it’s an added layer of protection.

    • http://www.twitter.com/jessysaurusrex Jessy

      That’s an excellent point that I forgot to mention, Frank! Two factor authentication is a great way to protect your most sensitive accounts, especially email accounts that hold the keys to everything.

    • Robert Pronovost

      So true, Frank! While two-step authentication and tools like 1Password might feel like a hassle (I had to go get my phone from across the room just now to verify using the authentication code), it’s much better than getting an account hacked and my data/money/identity stolen.

    • Tyler Bosmeny

      Excellent point, Frank. Most people don’t realize how easy it is to enable two-factor authentication for their bank, email, Dropbox, etc. and how much additional security it provides. At Clever we recently added two-factor authentication options for schools (a first in K-12 as far as I’ve seen). Would love to see more applications supporting this across our industry.

    • KateSl19

      Frank, completely agree with your point! I appreciated two-step authentication at its true value when developers of Joomla! 3.2 implemented it. Another plus for eLearning websites that use Joomla! as hosting platform! JoomlaLMS, Guru & etc.

  • Robert Pronovost

    Bullet point three is not to be taken lightly… that’s a must read for educators, parents, and grandparents alike. If data is stolen right now, it’s surely going to be through someone sending emails to false sites posing as PayPal, Tumblr, or some widely-used site.

    Thank you for sharing this and being an advocate for secure student data!
