Whether it’s your school’s financial data or the personal information of your students, the most important aspect of any software system is data security.
If your school’s data is at risk to be compromised in some way — whether corrupted, and therefore made inaccurate, or outright stolen — then it doesn’t really matter how well the rest of your software system performed.
That’s why we at Harris School Solutions have used our 30 years of experience to put together this list of 8 actions you can take to ensure data security at your school, district, or program.
1. Train properly and review often.
Any good school software system that is keeping up with technological advancements and evolving in order to better serve your needs is going to require regular updates. That’s a given. But how often do you adjust your school’s security protocols to keep up with these changes to your software?
In order to keep your data safe and secure, you need to ensure that your school’s data security practices are evolving alongside the software itself. For instance, if a new feature is added to the software, allowing one department to share information with another department, both departments should come together to discuss expectations and best practices. Any discrepancy between how the two departments approach security measures is going to leave the whole system vulnerable.
2. Don’t click — find your own path.
If you get an email that doesn’t quite add up in some way, don’t click any links. Even if the message you’re reading seems to require urgent action, take a beat and find an alternate way to get to where you’re trying to go.
So, for example, if you get a message telling you to “Click here to go to the IRS website,” don’t click. Links like that are put into emails for your convenience; but good security isn’t always convenient. Instead of clicking the link you’re given, open a separate browser window and navigate directly to the website. Look for a message similar to the one you were emailed about. If you can’t find it, chances are that’s because the organization or company — in this case, the IRS — has no clue about the email you were sent.
Additionally, if you’re unsure of the authenticity of the communication, you can always reach out to the organization directly and ask about it.
The key here is not to rush. It can be difficult in this age of fast-paced information and busy workdays, but taking a moment to think before you click anything is the foundation of keeping your data safe.
Per our example, it also is worth noting that most government institutions often will mail you instructions or information through regular mail — not in an email or over the phone.
3. Pay close attention to the fine print.
Another item to check when it comes to emails is the exact email address from which the message was sent.
Any time you are asked to open an attachment, respond, or engage with the message in any way, double check the sender’s email address against the one you have saved in your contact list (or previously sent emails).
Often, social scammers will use a domain that looks similar to a legitimate and commonly known website domain, but with a slight difference. As an example, LegitCompany.com may be a business your school deals with frequently. A social scammer, then, might try to send you an email from LegilCompany.com, or LegitCompany.net.
When in doubt, similar to the last step, draft a separate email and check with the person who allegedly sent the initial communication to make sure that person actually sent it.
4. Be careful browsing on the internet, or someone may end up browsing your data.
This is another way that you can protect your school’s data at the user level. Many schools will set up their internet to block certain websites. That’s all well and good, but there always will be websites that prove risky despite not having a name that gets flagged and blocked by the system.
The advice here, then, is to flip the way you think of web-browsing rules. Rather than specifying every website that is off limits, specify the types of websites that are allowed. Make a clear rule that any websites visited must correlate directly to work purposes.
It’s also worth mentioning here that while Google does a pretty good job of not letting scam-type websites show up on the first page of search results, the deeper you search through the results pages, the less certain you can be of the validity of the websites. If, for example, you’re researching an obscure subject and can’t find what you need on the first page, you might be tempted to keep going until you hit the fourth, fifth, or sixth page. A better strategy, though, is that if you don’t find what you’re looking for on the first or second page of Google’s search results, try to re-word your search query. That will keep you closer to the first page of results and, therefore, safer.
5. Develop a password protocol.
Often, if your password is compromised — meaning someone else finds out what it is — you won’t find out that it’s been compromised until it’s too late. To safeguard against this, assume that your password is only as safe as it is up-to-date. In other words, update your password regularly. You also should be sure to include numbers, special characters (symbols like @#$%&!), and a mix of both lowercase and capital letters.
Avoid using words or phrases that have any sort of personal meaning to you. Those types of passwords may be easier to remember, but they’re also easier to guess.
6. Protect your server.
Technology directors know that the server is arguably one of the most important pieces of the security puzzle. Think of it like the beating heart of your system. If this gets compromised, you will enter a whole other level of data corruption. That’s why it’s so important not to overlook this critical piece of infrastructure.
Regularly monitor, check, and make updates to your server in order to make sure there are no weak points that could be exploited by a would-be hacker. You may even be better off by letting professionals host your system on their servers. Some software providers will provide secure hosting. If you let the professionals handle your hosting, then you’re left with one less vulnerability that you have to worry about.
7. Plan for the worst — implement a disaster recovery plan.
Do you think that the last thing you want is for your school’s data to be compromised? If so, you’re mistaken. That’s the next-to-last thing you want.
The absolute last thing you want is for your data to be compromised without any sort of disaster recovery plan in place to mitigate the damage.
Data security never can be 100% guaranteed. Anyone who tells you it can be is misleading you. But what you can guarantee is that you and your school are ready to handle any data emergency that otherwise would’ve blindsided you.
By working closely with your software provider, you can put in place systems that will help get all of your important data back and ensure its accuracy in the event that you suffer a breach of security. With proper planning and forethought, you can help to keep a bad situation from becoming worse.
8. Get safer software.
Not that there’s any good way to get hacked, but one of the most frustrating has to be when it’s allowed to happen due to security weaknesses in your software itself. The reason this kind of hack would be so frustrating is because you could do every single thing on this list correctly, but still end up with compromised data. That’s why it’s important as a school, district, or program to invest in secure software that’s built to withstand attempted hacks. The software’s built-in security, if it’s a good system, should be your first line of defense because it’s automatic, which means it’s not prone to human error the way the user-level security measures discussed above are.
When looking at potential new software, be sure to find out about what sort of encryption and security features are provided. Ask questions to make sure the provider understands the importance of security and has all the bases covered.
Again, this requires a little more effort upfront, but it can spare you from a very difficult situation down the road.
Want to learn about some of the safest, most-secure software available?
Click below to discuss your security concerns with one of our knowledgeable HSS reps.
Or click a button below to browse our secure software and hardware solutions.