In business, data security is essential, as servers may contain users' personal data, financial information or login credentials.
In eLearning and education, data security is just as important. For example, a Learning Management System (LMS) houses sensitive student information. A breach of the LMS would mean loss of confidential data and even compromise grades if the breach was used to cheat.
A breach of the LMS could result in abuse of personal information, emotional distress, damage to your reputation and loss of client confidence, regardless of the context in which it occurred. This in turn could lead to loss of your competitive advantage and even severe financial harm. In one word, it would be a DISASTER.
That is why security is one of the most important characteristics of any eLearning LMS or software program hosted on the Web, especially one that is open source.
However, the level of security that a software product offers can be quite difficult to evaluate. The security aspect is notoriously easy to overlook, since it is usually excluded from product overviews and feature lists. And even the most watertight system will be easy to break into if one’s password is his/her birthday. Still, there are certain features which can greatly improve eLearning security. Let's explore four of the more important ones now.
SSL has become the standard in security technology for establishing an encrypted link between a server and a client. It allows sensitive data such as personal information and login credentials to be transmitted securely. Normally, data sent between browsers and web servers is transmitted in plain text, leaving the user vulnerable. If someone manages to intercept that data traffic, they can harvest and exploit the information which is being sent. SSL mathematically scrambles data, so that only the webpage and the end user can read it. The SSL protocol is the must-have when it comes to internet and data security and most users are already familiar with it (it is represented by the padlock icon in the search bar).
To keep the system safe, one must make sure that users can perform actions as intended. In order to access a certain feature in the system, a user must possess the appropriate privilege. User roles represent the combination of these privileges. Privileges define which actions a user can or cannot perform within the system. Admins operate the platform; teachers manage content, create tests, and receive test results and user statistics. Students can access the content and take tests, ask questions and give feedback in the comments. However, user roles are not predetermined. Privileges can be granted or revoked and freely combined. This allows for greater flexibility since admins can create custom roles to fit any particular situation and the needs of various organizations.
Attackers know that LMS vendors take good care of the system infrastructure and process security; on the other hand, the end users are a much easier target. When someone wants to access the content on a LMS, he/she will have to login to the system. And there lies the problem, 95% of data breaches are managed by acquiring login credentials. As was already mentioned beforehand, even the most rigorous security measures would be of little help if the users set their pet’s name (which is heavily featured on all social media) as passwords. This particular problem has proven extremely hard to solve. The troubling fact is that most users simply don’t care enough about security and make surprisingly poor password choices. They don’t adhere to instructions and usually skip two-factor authentication. The research on internet security shows that the majority of users’ passwords or security questions are available on their public profiles.
It is of paramount importance to make sure that it is extremely difficult to steal login credentials. That is why it is essential that your system require that passwords include a minimum of eight characters, at least one uppercase, one lowercase letter, a special character and a numeral. It might sound cumbersome and some may view this as an annoyance, but it is the only way to make sure that users are taking necessary precautions when choosing their passwords.
Another often annoying security layer we have all experienced is Captcha technology. The Captcha option to enable a captcha on signup or sign in to your LMS adds one more layer to the already thorough security protocol. Captcha goes a long way in ensuring the safety of an LMS as it hinders the usage of automated tools to break into the system or bots that can roam the Internet looking to exploit vulnerabilities.
Someday, we might devise a perfect security system, one which eliminates all possibility of human error. But as long as the system relies on every individual user to be responsible and guard confidential information, there will be considerable risks. Nonetheless, there are certain measures which can minimize these risks. They come in many different forms and deal with both the structure of the system itself (encryption, permissions, CAPTCHA) and standards which users themselves must adhere to (password requirements). All of these are essential if one wishes to protect the crucial information in one’s eLearning system, both in corporate or purely educational context.
For more information, or to schedule a security review with our LMS expert, Dr. Jonathan Ross, please contact us today!
We would love to quote on your next project, or just chat about what's on your mind.
Media Learning Systems Inc.
1 King West, 48th Floor
Copyright © 1996-2023, Media Learning Systems Inc. All Rights Reserved.