Aug 12 2020

Best Practices for Securing a Learning Management System

Using an LMS will require a thoughtful approach to security and privacy.

With the shift to remote learning, schools became increasingly reliant on learning management systems, a central hub for teaching and learning resources.

An LMS makes it easier for educators to bring their classrooms online. It also gives them the flexibility to switch between in-person and remote learning.

On an LMS, educators can take attendance, deliver virtual instruction, assess student work and communicate with students and their guardians. Some states even plan to offer a statewide LMS to ensure equitable access to remote instruction across districts in the coming years.

But an LMS is not free of vulnerabilities. Like any other software or online app, an LMS requires a thoughtful approach to security and privacy to mitigate threats. Here are three best practices to better secure your LMS.

1. Check and Configure Appropriate Security Settings

With the wealth of information collected and stored in an LMS, it’s important to evaluate how it shares and secures that data. Administrators and users both should also be familiar with the security features that come with their platform and make sure they’re enabled.

For example, turning on multifactor authentication, which requires multiple credentials to verify a user’s identity, can help protect against threats targeting user passwords and accounts.

Assigning user permissions is also crucial to effectively protect data. These controls let administrators grant users the appropriate level of access and privilege, limiting accidental data exposure and compromised user credentials. For instance, G Suite for Education administrators can grant verified teachers the ability to create classes and view and manage guardian information on Google Classroom.

DISCOVER: Find out how to improve your cybersecurity program this school year.

2. Consider Integrating a Single Sign-On Solution

Single sign-on technology not only simplifies working on multiple websites and platforms, but also provides greater security.

With SSO, users can log in to a host of applications with just one set of credentials, reducing a school’s attack surface and making it easier for IT teams to manage user access. Solutions like OneLogin or Clever offer easy SSO integration with commonly used platforms such as Blackboard, Moodle and Schoology.

3. Don’t Forget to Train Your End Users

Teachers and students should also be cyber aware, no matter what online platform they’re using. “We can’t expect them to be able to understand what we mean when we say, ‘protect the privacy and security of data’ without giving them instructions on how to do that well,” says Linnette Attai, project manager for the Consortium for School Networking’s privacy initiative and founder of compliance consulting firm PlayWell.

One easy step to take is teaching users about password security, which involves screening against compromised passwords. LMS platforms also get phishing emails, so it’s a good move to educate users on how to avoid phishing scams too.

Feodora Chiosea/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.