Feb 20 2017

Survey Finds Some Ed Tech Software and Applications Are Lacking Proper Security

Here’s how to make sure your digital tools are secure.

With data-driven tools in such high-demand, it seems like new ed tech websites, applications and software are cropping up every day. But do these tools protect the information teachers and students share?

The answer is, yes and no.

In a survey of more than 1,000 ed tech vendors of all sizes, Common Sense Education’s Privacy Evaluation Institute found that only 52 percent of the vendor websites require encryption of login and personal information.

The rest of the sites surveyed either don’t require encryption (20 percent) or aren’t built to support it (25 percent), which is quite surprising, given that Common Sense describes this step as being so basic that it’s like “walking and chewing gum at the same time.” The survey found that all types of vendors were guilty of not having this minimal security standard.

“It should be noted that a complete lack of support for encryption was observed from vendors of all sizes — from small services to early and middle-stage start-ups to privately held companies that have been used for years to enterprise applications that are used in thousands of districts with millions of learners,” writes Bill Fitzgerald, the director of the Common Sense privacy initiative.

A blog on Common Sense indicates that while the tech industry moves toward making software, applications and websites more secure — Google, for example, has prioritized encrypted sites in search results — there are some ways that educators and administrators can make sure the tools they are using are, at the very least, encrypted.

Best Practices for Insuring Ed Tech Apps Are Secure

Finding out if a website is encrypted is actually the easiest step, Common Sense reports. Simply check if the url begins with https://. This indicates that the website supports some level of encryption.

In his blog, Fitzgerald also recommends Observatory from Mozilla, which details security protocols of websites for the more tech-savvy, like district IT departments.

Common Sense also suggests checking out their evaluations of tools, which indicate whether or not an education tool is encrypted.

Another good step is checking the Student Privacy Pledge, which has been signed by 325 ed tech companies that have promised to safeguard student privacy.

Districts like Raytown Quality Schools have made efforts to negotiate data protection when they are making an agreement with a vendor, EdTech reports. However, when it comes to free applications, they, like many other schools, have found digital citizenship education for students and teachers to be key.

“You can put policies in place, but there’s no software or other tool that can enforce them,” Craig Bates, coordinator of instructional technology at Talladega County (Ala.) Schools tells EdTech. “Education is the best defense because that’s what can lead to everyone being diligent.”


Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.