+ Post New Thread
Results 1 to 8 of 8
General Chat Thread, Poor security practices between schools and suppliers in General; I had a request today from one of our suppliers to send them the username and password for an affected ...
  1. #1

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,630
    Thank Post
    514
    Thanked 2,442 Times in 1,890 Posts
    Blog Entries
    24
    Rep Power
    831

    Poor security practices between schools and suppliers

    I had a request today from one of our suppliers to send them the username and password for an affected user for the system. It got me thinking about suppliers in education and how many still don't seem to understand good security practices. I've dealt with another a while back who wanted us to email over all the personal details of our students via a normal email.

    Why is security so low on the agenda still?

  2. #2
    fairm010's Avatar
    Join Date
    Jun 2010
    Location
    C:/Windows/System32/
    Posts
    1,135
    Thank Post
    47
    Thanked 146 Times in 128 Posts
    Rep Power
    45
    I've dealt with a company who wanted a domain admin account sent via normal email. They didn't get it...

  3. #3

    LosOjos's Avatar
    Join Date
    Dec 2009
    Location
    West Midlands
    Posts
    5,447
    Thank Post
    1,438
    Thanked 1,168 Times in 797 Posts
    Rep Power
    707
    Quote Originally Posted by localzuk View Post
    Why is security so low on the agenda still?
    I think a lot of the time, it comes down to pure ignorance; they simply do not understand the security implications of what they're asking you. I can't count the number of times I've argued with people both inside and outside of the school about emailing sensitive data; their argument usually amounts to "of course my email is secure, I have to login with a username and password!"

  4. #4


    Join Date
    Sep 2008
    Posts
    1,752
    Thank Post
    320
    Thanked 258 Times in 211 Posts
    Rep Power
    119
    On the flip side of that I have had an argument from someone who refused to send/receive any information via email because you couldn't be sure it was sent to the right person and you didn't know if it would get there. He also didn't seem to acknowledge that the system they were using meant that any letters we sent meant we could wait up to a week for a simple request or in the case were they were on holiday /off sick it would would sit on their desk until they got back. Oh and apparently letters never got lost and were much more secure. I gave up trying to explain why email would be a better solution after he complained about his email problems but refused to speak to his IT department. *To be fair it was a non IT role but I still couldn't understand their view*

  5. #5
    rich_tech's Avatar
    Join Date
    Mar 2011
    Location
    Wales
    Posts
    1,026
    Thank Post
    129
    Thanked 132 Times in 115 Posts
    Rep Power
    63
    It makes you wonder why we all still insist on Email being any sort of communication, given largely that its unsecure outside of using things like encryption, which people do not bother with only very rarely.

  6. #6

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,799
    Thank Post
    272
    Thanked 1,134 Times in 1,030 Posts
    Rep Power
    349
    Quote Originally Posted by rich_tech View Post
    It makes you wonder why we all still insist on Email being any sort of communication, given largely that its unsecure outside of using things like encryption, which people do not bother with only very rarely.
    It makes you think why that on the whole uts not been made more secure…

  7. #7

    Join Date
    Apr 2006
    Posts
    388
    Thank Post
    23
    Thanked 95 Times in 61 Posts
    Rep Power
    44
    Quote Originally Posted by localzuk View Post
    Why is security so low on the agenda still?
    The path of least resistance. I would imagine they can get away with it with most schools, so they don't bother. It'll only be once the data owners collectively start getting narky about sending unencrypted data around the place that it will change.

  8. #8

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    10,701
    Thank Post
    1,783
    Thanked 2,168 Times in 1,603 Posts
    Rep Power
    769
    My impression is that too many systems are the result of "back room development". Someone has a great idea and develops it, but they don't realise that there are certain security and data protection functions that must exist. I went to supplier only last week that had me seriously worried as there was little or no concept of basic security... and as for the test-development cycle, they were trying to sell me a system I was using as a programmer 30 years ago.

SHARE:
+ Post New Thread

Similar Threads

  1. Dell "registered deals" - interested in feedback from schools and suppliers
    By AngryTechnician in forum Budgets and Expenditure
    Replies: 3
    Last Post: 22nd June 2010, 02:05 PM
  2. Differences between "School Guardian" and "Network Guardian"?
    By duncane in forum Internet Related/Filtering/Firewall
    Replies: 1
    Last Post: 9th March 2010, 04:33 PM
  3. Replies: 2
    Last Post: 22nd February 2006, 12:30 AM
  4. EduGeek & Specialist Schools and Academies Trust
    By russdev in forum General EduGeek News/Announcements
    Replies: 0
    Last Post: 8th January 2006, 04:31 PM
  5. Implementing best practice ICT management and support
    By FITS in forum Courses and Training
    Replies: 16
    Last Post: 8th September 2005, 02:24 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •