+ Post New Thread
Results 1 to 8 of 8
General Chat Thread, Poor security practices between schools and suppliers in General; I had a request today from one of our suppliers to send them the username and password for an affected ...
  1. #1

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,511
    Thank Post
    526
    Thanked 2,640 Times in 2,044 Posts
    Blog Entries
    24
    Rep Power
    896

    Poor security practices between schools and suppliers

    I had a request today from one of our suppliers to send them the username and password for an affected user for the system. It got me thinking about suppliers in education and how many still don't seem to understand good security practices. I've dealt with another a while back who wanted us to email over all the personal details of our students via a normal email.

    Why is security so low on the agenda still?

  2. #2
    fairm010's Avatar
    Join Date
    Jun 2010
    Location
    C:/Windows/System32/
    Posts
    1,437
    Thank Post
    61
    Thanked 206 Times in 178 Posts
    Rep Power
    56
    I've dealt with a company who wanted a domain admin account sent via normal email. They didn't get it...

  3. #3

    LosOjos's Avatar
    Join Date
    Dec 2009
    Location
    West Midlands
    Posts
    5,759
    Thank Post
    1,510
    Thanked 1,293 Times in 884 Posts
    Rep Power
    813
    Quote Originally Posted by localzuk View Post
    Why is security so low on the agenda still?
    I think a lot of the time, it comes down to pure ignorance; they simply do not understand the security implications of what they're asking you. I can't count the number of times I've argued with people both inside and outside of the school about emailing sensitive data; their argument usually amounts to "of course my email is secure, I have to login with a username and password!"

  4. #4


    Join Date
    Sep 2008
    Posts
    1,853
    Thank Post
    352
    Thanked 264 Times in 216 Posts
    Rep Power
    121
    On the flip side of that I have had an argument from someone who refused to send/receive any information via email because you couldn't be sure it was sent to the right person and you didn't know if it would get there. He also didn't seem to acknowledge that the system they were using meant that any letters we sent meant we could wait up to a week for a simple request or in the case were they were on holiday /off sick it would would sit on their desk until they got back. Oh and apparently letters never got lost and were much more secure. I gave up trying to explain why email would be a better solution after he complained about his email problems but refused to speak to his IT department. *To be fair it was a non IT role but I still couldn't understand their view*

  5. #5
    rich_tech's Avatar
    Join Date
    Mar 2011
    Location
    Wales
    Posts
    1,165
    Thank Post
    141
    Thanked 149 Times in 130 Posts
    Rep Power
    67
    It makes you wonder why we all still insist on Email being any sort of communication, given largely that its unsecure outside of using things like encryption, which people do not bother with only very rarely.

  6. #6

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,821
    Thank Post
    272
    Thanked 1,140 Times in 1,036 Posts
    Rep Power
    351
    Quote Originally Posted by rich_tech View Post
    It makes you wonder why we all still insist on Email being any sort of communication, given largely that its unsecure outside of using things like encryption, which people do not bother with only very rarely.
    It makes you think why that on the whole uts not been made more secure…

  7. #7

    Join Date
    Apr 2006
    Posts
    390
    Thank Post
    23
    Thanked 95 Times in 61 Posts
    Rep Power
    45
    Quote Originally Posted by localzuk View Post
    Why is security so low on the agenda still?
    The path of least resistance. I would imagine they can get away with it with most schools, so they don't bother. It'll only be once the data owners collectively start getting narky about sending unencrypted data around the place that it will change.

  8. #8

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    10,184
    Thank Post
    1,923
    Thanked 2,413 Times in 1,767 Posts
    Rep Power
    840
    My impression is that too many systems are the result of "back room development". Someone has a great idea and develops it, but they don't realise that there are certain security and data protection functions that must exist. I went to supplier only last week that had me seriously worried as there was little or no concept of basic security... and as for the test-development cycle, they were trying to sell me a system I was using as a programmer 30 years ago.



SHARE:
+ Post New Thread

Similar Threads

  1. Dell "registered deals" - interested in feedback from schools and suppliers
    By AngryTechnician in forum Budgets and Expenditure
    Replies: 3
    Last Post: 22nd June 2010, 03:05 PM
  2. Differences between "School Guardian" and "Network Guardian"?
    By duncane in forum Internet Related/Filtering/Firewall
    Replies: 1
    Last Post: 9th March 2010, 05:33 PM
  3. Replies: 2
    Last Post: 22nd February 2006, 01:30 AM
  4. EduGeek & Specialist Schools and Academies Trust
    By russdev in forum General EduGeek News/Announcements
    Replies: 0
    Last Post: 8th January 2006, 05:31 PM
  5. Implementing best practice ICT management and support
    By FITS in forum Courses and Training
    Replies: 16
    Last Post: 8th September 2005, 03:24 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •