10 Security Best Practices to Keep Your School Website Safe




It’s easy to put website security low on your priority list, especially when you’re first setting up a new site, or migrating or revising your school’s existing site. Often, we’re so caught up with aesthetics, navigation, content, calls-to-action, functionality and so on that we forget how important security really is. However, it’s important for schools to realize they have every reason to be just as concerned about security as larger enterprises.

You may see news headlines about cyberattacks on brands like Microsoft, Zoom, Magellan Health and Nintendo, but that’s only because schools don’t always warrant media coverage. In fact, schools were hit harder than any other industry in 2020, at an average cost of $2.73 million per ransomware attack. There has been a major uptick in school website hacks since the beginning of the COVID-19 pandemic: from Nov. 6 to Dec. 6, 2021, educational organizations were the target of 7.58 million malware attacks, or 62 percent of ALL such attacks. Unfortunately, 1,681 schools, colleges and universities in the U.S. were impacted in 2020.

School websites are vulnerable to cyberattacks, so it’s important you understand how to protect your school’s site from getting hacked. Here are 10 security best practices to put in place to ensure the safety of your website.

  1. Install SSL certificate

One of the easiest things you can do to protect your website is to install a Secure Sockets Layer (SSL) certificate. SSL encrypts information passing between your website and your visitors. Your web host provider should offer SSL certificates, which you will need to pay for, but it’s worth it for the higher level of security.

  2. Keep software updated

Software with known vulnerabilities is one of the easiest ways for hackers to break into your site and compromise your system. Don’t hit the “Remind Me Later” button when your software is ready for an update; instead, update your site regularly to minimize security risks.

  3. Run regular backups

Creating backups of your website ensures you have an older version of your site in the event your site is hacked. A backup is basically a copy of your website data, including databases, content, media and files. If you have a large website, you may need a large amount of backup storage to save all your data.

There are several ways you can back up your site. You can use a backup service to do the work for you, or you can look for web hosts that include backups or offer them as an add-on. There are also WordPress plugins you can install, such as UpdraftPlus or VaultPress.

  4. Make your passwords unhackable

While this may seem obvious, not everyone uses a secure password or updates it frequently. The best passwords are the ones the computer suggests. Yes, I know, those are impossible to remember. That’s why I suggest you use a password manager like LastPass or 1Password to help you store and track your passwords.

  5. Get alerted if your website goes down

Almost all sites go down at one point or another. Even major sites like Google, Twitter and Facebook go down at times. The important thing is how quickly you are able to respond to your site going down and get it fixed.

One uptime monitoring program you might want to consider is Pingdom. One of the great features of Pingdom is the ability to monitor your site from different countries, so you will know if your servers are inaccessible abroad, even if the site seems to be working in the U.S.

Pingdom provides statistical reports over time. This can help you know whether you should reach out to your hosting provider or switch to a new one.

  6. Get notified if your website is hacked

Unfortunately, malicious attacks on educational websites are common. Hackers create malicious software (malware) that they install on visitors’ devices without their knowledge. Malware attempts to hack into personal data or damage devices.

Google Search Console is one of the best ways to get notified if your site is hacked.

Read more here: Google Search Central Malware and Unwanted Software

  7. Monitor your links

Links are important for search engine optimization (SEO), and often, when a high-authority link breaks, your ranking in search results may drop. Unless you regularly monitor your backlinks, it is virtually impossible to know if your links are broken.

An easy way to check your links is to use the Chrome extension Check My Links, which scans your webpages and identifies broken links. Another great tool is LinkChecker.pro, which offers additional features, such as showing whether a link was changed to nofollow or was canonicalized to a different URL.

  8. Monitor bot traffic

Malicious bot traffic can be a serious threat. A sudden uptick of bot traffic can be a sign of a DDoS attack. DDoS stands for “distributed denial of service”. A DDoS attack is when bots request more than a server can handle, thus causing the site to crash.

A bot attack can slow or shut down your site, and it can indicate content scraping or theft of data. Finteza is a tool you can use to monitor bot traffic as well as track down sources of an attack.
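If you have access to your web server's access logs, the "sudden uptick" described above can also be checked directly. The following is an added example, not part of the original article and not related to Finteza: it counts requests per minute in Combined Log Format lines and flags any minute far above the typical level, along with the busiest client addresses. The function names, the 5x threshold and the sample log are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict
from statistics import median

# Combined Log Format starts: client, ident, user, [day/Mon/year:HH:MM:SS zone]
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^:]+:\d{2}:\d{2}):\d{2} [^\]]+\]')

def find_traffic_spikes(log_lines, factor=5, top_n=2):
    """Return [(minute, request_count, top_clients)] for every minute whose
    request count is at least `factor` times the median busy minute."""
    per_minute = defaultdict(Counter)
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        client, minute = m.groups()
        per_minute[minute][client] += 1
    if not per_minute:
        return []
    # Log files are written in time order, so dict order is chronological.
    totals = {minute: sum(c.values()) for minute, c in per_minute.items()}
    baseline = median(totals.values())  # typical requests per minute
    return [(minute, total, per_minute[minute].most_common(top_n))
            for minute, total in totals.items()
            if total >= factor * baseline]

def constructed_sample():
    """Constructed log (not real data): ten quiet minutes with 3 requests
    each, then one minute with 120 requests from two addresses."""
    fmt = ('{ip} - - [01/Jan/2024:10:{mm:02d}:{ss:02d} +0000] '
           '"GET / HTTP/1.1" 200 512 "-" "{ua}"')
    lines = [fmt.format(ip=f"192.0.2.{10 + i}", mm=mm, ss=i * 15,
                        ua="Mozilla/5.0")
             for mm in range(10) for i in range(3)]
    lines += [fmt.format(ip="203.0.113.7" if i % 3 else "198.51.100.9",
                         mm=10, ss=i % 60, ua="ExampleBot/1.0")
              for i in range(120)]
    return lines

if __name__ == "__main__":
    for minute, total, clients in find_traffic_spikes(constructed_sample()):
        print(f"{minute}: {total} requests, busiest clients: {clients}")
```

A flagged minute is a prompt to look closer, not proof of an attack; a newsletter or enrollment announcement can produce the same pattern from many different addresses.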

  9. Monitor school mentions

Tracking whenever someone mentions your school’s name is critical for monitoring what’s happening with your website and marketing. Your active families will most likely notify you if something is amiss. Usually, someone will say something if your site is down, a page looks hacked or something is not working right on your site.

School mention monitoring will help you fix problems quickly because you can recognize a problem in a timely manner, reply to your user so they know you are working on the issue, and move conversations from public view to a private message.

You can easily set up Google Alerts or use Mention, a freemium app, to monitor mentions.

Read more: 10 Tools to Use to Monitor Your School’s Online Presence

  10. Invest in anti-malware software

Anti-malware software will monitor and detect threats, alert you and remove the threats from your website. Anti-malware software may seem expensive, but when you consider what a cyberattack can cost you in terms of stolen data, loss of trust and downtime for your site, it is well worth the investment.

Popular options for anti-malware software include Sucuri, SiteGuarding and Quttera. Most website hosting platforms offer anti-malware software as an added feature.

With the rise in cybersecurity attacks, it’s important for schools to administer a data and safety monitoring plan that outlines how your team will create systems for implementing cybersecurity protocols. It’s also important you train and educate your staff on protocols for safe passwords as well as how to spot suspicious emails. As cybercrime continues to evolve and schools share more information online, it’s crucial to create protocols to ensure your site will remain safe and secure.

What security protocols do you have in place to protect your school website? What should be added to this list? Please comment below…
