Passwords 101: Basic Data Protection in Schools

2018 august dig cit.jpg

We have been on the road this month talking to students, staff, and parents about digital citizenship.  There's a lot to talk about! Every day, we see new cases that involve cyberbullying, online threats, and sexting.  However, it isn’t just students who need to learn the basics of online safety. As protectors of student data, school districts have unique obligations when it comes to keeping student data safe.  One of those obligations is to investigate data breaches when they occur, and notify affected families if the data has been or will be used for an unauthorized purpose.

If schools become aware of a possible security breach, Nebraska law requires them to conduct a good faith, reasonable, and prompt investigation to determine the likelihood that personal information about a Nebraska resident was misused.  If misuse has actually occurred or is likely to occur in the future, the school district must also report itself to the Attorney General's office. Data breaches can stem from malicious attacks carried out by hackers and cyber-terrorist groups.  More often, however, they often start with human error and lax security protocols.

PASSWORD BASICS

The biggest password myth we regularly see is that a good password is complicated and hard to remember.  This is not the case for a number of reasons.  Passwords that are hard to remember often get written down on a post-it.  This is bad, and leads to obvious security issues. An effective password could simply be the lyrics to a song or the name of a place, so long as enough characters are used.  Adding numbers and special characters to that can help.

EXAMPLE:

  • f23tg@59p is a complex password that is REALLY hard to remember.   

  • Mycountrytisofthee is a simple password that is easy to remember.

  • Myc0untryti$0fth33 is a complex password this is still fairly easy to remember.  

 

If you look at the last example, it has the same amount of numbers and special characters as the "complex" password, but since they’re incorporated into a song lyric, the special characters and numbers are easier to remember, and the final password is longer!  The final password is also not connected to an old address, pet name, child's birthday, or any other piece of personal information that a social hacker could obtain from looking at an employee’s Facebook or Instagram page.

 

All school district staff -- administrators, teachers and other staff -- should adopt secure password practices.  Make it easy to remember, but hard to guess (stay away from personal info), don't share it, and change it often.