Keeping important data safe!

by | July 8, 2018

Data Security is a number one priority in our company – we care about keeping student data safe, and only collecting the data that Careers advisors need to make informed advice.

One of our big challenges is ‘keeping’ the physical data of students in the country where the school is located – for example, keeping data about New Zealand students in New Zealand (on physical New Zealand servers/computers).

The reason that this is challenging is that customers want speed & reliability (and the service to be delivered at a cost-effective rate), and in countries such as New Zealand, there are limited resources that can provide this service.  In New Zealand, we have chosen a local supplier to deliver our infrastructure (where the infrastructure is on New Zealand soil).  This means that we have been able to achieve speed, and to date – good reliability.  The downside to this is that the cost to this has been slightly higher than we would have liked!

In our latest security audit, we identified our top 2018 risks for our schools

  • Schools who don’t have password update policies in place.  A surprising numbers of schools don’t have a password policy in place (or not using a hosted service such as Microsoft Office 365 with standard security policies in place).  This means that the risk of a staff member accidentally exposing their password to an unauthorised password becomes elevated (and without a centralized service such as 365).
  • Schools who don’t have correct exiting procedures for leaving staff members. We found that the IT team are often the last ones to learn about staff who have left, and when the IT team are notified, they often are not aware of all the services the staff member was using, and can therefore not remove access for that staff member effectively.  
  • Staff issued laptops which don’t have ‘auto-lock’ policies.  We found that a number of staff laptops didn’t have a policy where their screens ‘auto locked’.  This meant that online services, including Facebook / 365 Applications / Staff Intranets become vulnerable (due to auto-fill password tools on web browsers).  This means that a student could easily access information if they gained access to a staff member’s laptop.

 

Career Central takes security seriously – if you have any thoughts or suggestions please contact us by emailing help@careercentral.school.nz

 

About the author Tim Hampton

Tim Hampton is a director at Career Central, and oversees development operations and day to day operation of the company.