Keeping your School Website Secure in 2018

Published: February 23, 2018

A recent study has found that the vast majority of school and education websites do a poor job of protecting their browsers security and privacy.
Whether it’s tracking tools used by advertising partners and companies, with little disclosure of such usage…Or lack of support in secure browsing for site visitors.
Put simply, all school websites must ensure that they invest in optimum security for the safety of their traffic, their staff, and their students.
But how do you ensure the safety of data, students, staff and potential parents of new students as they visit and share sensitive information on your website?

School websites must use HTTPS protocol as default

Simply put, HTTPS stands for ‘Hyper Text Transfer Protocol Secure’. The ‘S’ in this is very important as it guarantees the encryption of any data that is shared on your website.
If your website just uses the inferior HTTP protocol, third parties can track pages that your school website user views and the information sent online. These third parties can then inject malware and revise the content of the website pages being viewed. This could be particularly dangerous in the hands of a hacker or an internet troll.

School websites must keep software up to date

Ensuring that you keep all software up to date is crucial in keeping your school website secure. This software includes the server operating system and also any CMS or forum software that is used on your site. Hackers can work their way into your website and cause trouble through outdated software.
Your web hosting company should take care of your operating system security updates.

Don’t divulge too much in error messages

When you display an error message on your website, be very careful how much actual information that you give away. Don’t provide full exception details as they can make complex attacks on your website easier for the wrong people. Keep detailed errors in your server logs, giving website users just the information that they need.

Don’t underestimate passwords

It’s very important to use strong passwords for both your server and website admin areas. It’s equally as important to ask your web users to ensure that their passwords are strong. This will help them to protect the security of their accounts.
All strong passwords should use a minimum of eight characters, including an uppercase letter and a number or symbol.
If somebody hacks into the school website and attempts to steal your passwords, the use of hashed passwords could help to limit any damage, as these are impossible to decrypt.

Be cautious of file uploads

If you allow users to upload files to your website, it can be a big website security risk, even if it’s simply to change their avatar. The risk is that any file uploaded however innocent it may look, could contain a script that when executed on your server completely opens up your website.
If you have a file upload form then you need to treat all files with a great level of suspicion. If you are allowing users to upload images, you cannot rely on the file extension or the mime type to verify that the file is an image as these can easily be faked.
Even opening the file and reading the header, or using functions to check the image size are not full proof. Most images formats allow storing a comment section which could contain PHP code that could be executed by the server.

Choose the appropriate storage environment for your school website

This can make a huge difference in keeping your information secure and private. Many companies use cloud or web-based hosting to keep data physically safe when it’s off their website. Make sure that you choose a storage provider that has a valid SSL certificate. Also, check their terms of service so that you know exactly what security measures they take when storing your data.

Consider purchasing access to a reputable Virtual Private Network (VPN)

VPN’s can prevent snooping-based attacks along with other transmission-related intrusions and theft of valuable data. VPNs work by encrypting the channel through which your data is sent and received, and can offer protection towards your identity and credentials from others with access to the network that you are using.
With data security challenges growing in 2018, choosing trustworthy storage companies, strengthening passwords, and implementing security policies for all end users and machines in your school or home, will keep your data safe from most attacks.
Definitely consider investing in a VPN for added security, and make use of encrypted storage and transmission protocols such as SSL (Secure Socket Layer)

Make sure your school website is password protected and manage your information with care and attention to encourage the safety of all shared data available.