With the recent hacking of Sowerby School’s website, we’ve had a few customers contacting us concerned that the same could happen to them. We want to reassure all of our customers, whether they use School Jotter or any other of our products, that your security is our primary concern. The vulnerability through which Sowerby’s website was hacked is not present in any of our software, so you can rest assured that your content is as safe as it can be.
That said, there are certain precautions that we recommend all users take. While a lot of these are common sense, users are often vulnerable to “social engineering” attacks, and we want to make sure you’re as safe as possible. We sat down with Webanywhere security and development expert Arthur Howie, who had a few tips for us.
1. Never tell your password to ANYONE
Your login password should be a private string of characters that only you know. Any person with whom a password is shared is a potential vulnerability in the system. Our technical support will never ask for your password.
2. Don’t use the same password for multiple things
For convenience’s sake, it might be tempting to use the same password on your email accounts as on your school website’s login. This is very bad practice and means that if someone unscrupulous gets access to one of your passwords, all of your accounts are potentially compromised.
3. Make sure your password is complex but memorable
For example, don’t use “password1” – this is not good practice at all and is very vulnerable to “dictionary” attacks, where a hacker might try lots of common passwords. Your password should be a mixture of upper and lower case characters as well as non-alphanumeric ones if possible (e.g. #!£$%& etc.). This will make you much less vulnerable to these attacks. It’s good practice to change it every few weeks as well. A great way to make a password secure while still being easy to remember is to simply make it a long phrase.
4. Don’t use an easily guessable password
It can be tempting to use the name of a pet or loved one as a password as these are usually uncommon words, but you really shouldn’t. This is information that is easily searchable on the web and will be one of the first things an attacker tries.
5. Make sure your “secret question” is something only you know
In order to reset your password you’ll often need to answer a “secret question”, the answer to which you’ve previously set. This might be something such as “What school did you attend?” or “Who is your favourite singer?”. This information can often be gleaned from social media accounts or other sources, leaving you vulnerable, so make sure it’s not publicly available information – in 2008 Sarah Palin’s email was hacked in this way.
6. Ensure your antivirus is up to date
On any computer where you’re going to be entering personal information, make sure you’ve installed antivirus software – this is often available for free through your institution or even your personal bank. Without it, software could be installed without your consent and potentially capture sensitive login information.
7. Be careful what you click on
NEVER click on a link you’re unsure of. An email that purports to come from your bank or the government might simply be trying to “phish” your data. Antivirus software can sometimes protect against this by scanning links ahead of time, but it’s no substitute for proper practice.
All that’s needed to keep yourself and your school safe online is to take the necessary precautions. We’re confident in our security at Webanywhere, and we want you to feel safe as well. If you have any concerns or questions regarding security or anything else, please don’t hesitate to contact us on 0113 3200 750, or email firstname.lastname@example.org.