5 easy steps to keep student data safe

We live and teach in the 21st Century (though some colleagues are not aware of this), which means everything is digitised. Everything is digitised because it makes life easy. When we lived in the paper age (as opposed to the stone and the digital ages), we kept student records locked in filing cabinets, locked inside of teacher’s rooms, locked inside the school. So, it was kept from anyone who couldn’t pick locks. Now, we have hackers, and so a different way of keeping student data safe is required. It actually isn’t hard. There are of course many other suggestions, these are just for starters.

1. Use HelloSpace.Me

Ok, we’re biased. But listen why. We have our servers in Switzerland for a very, very, good, very important, ultra-good, super-important reason. All data and information are protected under gold-standard Swiss laws. Which means, unlike certain other anglophone countries, cannot be accessed by government, government agencies, third-party companies, and others. So, that means you need to have your website hosted by us. Here is the obligatory Buy Now link.

2. Use an SSL Certificate on your website

An SSL Certificate adds the “s” for “secure” to your http (literally). So your web address will be https:// which means, all traffic will be parsed through that secure portal. That means passwords, usernames, and info are kept hidden from prying eyes. This is particularly important if you’re using wifi almost anywhere, or using a LAN network anywhere. Sadly, you just can’t start typing in https into your web address. For it to work, you need to purchase a certificate and install it. An SSL certificate has secure mechanisms built in to protect you, and your website users. Here is the super useful Buy SSL Now link.

3. Use your own cloud or Tresorit

For storing info and sensitive records don’t rely on USB memory sticks, your own computer, or DropBox. USB memory sticks are easily lost or taken. Your own computer can be stolen, destroyed (think fire or virus), and DropBox is not secure. Instead, on your own website install and SSL certificate with ownCloud to keep all your data off-site (not away from your teacher’s desk), but easily accessible to only you. Whilst we and your website has great security, we have to admit that Tresorit is better. Tresorit is like DropBox, but way, way more secure and they are the supreme experts for online security. Tresorit is a Swiss company, and they also take privacy very seriously.

Woman working on a computer. CC0 Unsplash, https://www.pexels.com/photo/adult-blur-business-busy-271560/
Woman working on a computer. CC0 Unsplash, https://www.pexels.com/photo/adult-blur-business-busy-271560/

4. Lock your devices

What can prying eyes access? Your Twitter, your Google Docs, your dating app, and others. They especially want to access your email address first. Let’s say your Google Docs account (where you keep grades stored), the thief can reset your password, and so they need to receive a confirmation email and approve the change. Once that is done, then they can change the email address designated in the account. Once that is done, then you’ve completely lost control of the account. Keep prying fingers and eyes out by setting a password or passphrase. All devices like smartphones, computers, and tablets all have an auto-close feature. Even with Windows 10, if you haven’t used it for a while, the screensaver activates, and to re-enter, you shake the mouse and then can be prompted to enter a password. Additionally, iOS devices (like iPhones and iPads) can be set to auto-wipe all data that’s stored on the device (not in your accounts) if the wrong password was entered 9 consecutive times.

5. Use a strong password

We cannot stress this enough. We know it’s said ad nauseam on the net, but a lot of people don’t really understand what this means. When hackers got into Adobe and stole their password database, at first, Adobe said something like, “It’s ok, all the passwords are encrypted, they can’t see anything”. The hackers then got to work to crack the encryption. A password might be “fluffybunnies”, which is encrypted to something like “dksdiud8393iegh8e48ej”. So, each letter or number corresponds to a real letter in the real password. It’s impossible to figure out the encrypted version of the password, except if parsed output corresponds to a real dictionary word. As it turns out, many years ago a huge number of Adobe users set their passwords to “password”, “12345678”, “adobe”, “adobe123”, or similar. The hackers only needed to figure out what combination of encrypted version will return a hit on a dictionary word like “password” or “adobe”. In actual fact, hackers broke the encryption for the entire database in a matter of days because so many people could use the word “adobe” and “password” for their password. Consequently, avoid using dictionary words, and other words like “password”, “adobe”, and of course “hellospaceme”.

So, how do you make a secure password? It’s easy. Answer this question, “What is your favourite song?”. Let’s say it’s “Firework”, by Katy Perry. The lyrics are:

Baby, you’re a firework
Come on let your colours burst
Make them go, “Oh, oh, oh”
You’re gonna leave them all in awe

So, take the first letter of each word, and add a symbol or number. The number could be the year you set the password, or your age. So, your password would be, “byafcolycb17”. Even if the password is decrypted by a hacker, it still looks like nonsense, and will be rejected. You’ll have won; Hackers 0, You 1. Finally, don’t use the same password for everything. Yahoo has been hacked not once, but so many times that we have changed our passwords many times in the last few years. So, make it a rule to, at least, change all your passwords the day before your birthday every year.

Finally

Finally, there are more ideas and advice that can be given, but this is just a start to whet your security-appetite (wow, I feel so awkwardly geeky writing that). In any case, look out for more articles from us. If you liked this article, please share it with friends and colleagues through your favourite social media.

Leave a Reply