The Herald Bulletin

January 9, 2014

Editorial: ACS must remain vigilant to protect student data


The Herald Bulletin

---- — The digital age certainly has made our lives easier.

In this day and age, there’s no need to write a check or buy stamps to pay bills. Just use online bill pay.

Don’t pick up that phone book. Just look up the store’s website on your smartphone and hit "call."

Forget the drive to Grandma and Grandpa’s house for a weekend visit. Just dial them up for a video call on Skype.

We can argue about whether these things have actually made our lives better, but what is undeniable is they’ve made us more vulnerable.

Our personal and financial data are in the public realm more than ever before, some of it hidden behind a flimsy password that’s a combination of a last name and birth date. While companies remain vigilant in protecting our information, breaches do happen. Hackers and criminals find ways to get around defenses, and you end up with 40 million Target customers canceling credit and debit cards and watching their bank statements like hawks.

But not every hack targets a large company. Highland Middle School found this out the hard way.

Last month, hackers broke into Highland’s website and made changes to the home page.

Joe Cronk, chief operating officer for the Anderson Community School System’s Information Technology department, said the school’s webmaster was using WordPress, a site outside ACS’ system. Cronk also said all information on the site is public, so nothing beyond what is found on the site could be accessed.

It’s good news that student data such as grades wasn’t at risk. But it’s disturbing that ACS would allow its Highland site to exist outside its system on a web service that even the lowliest of hackers could easily infiltrate.

Not that it would have been safe inside the system. Cronk admitted this was not the first time an ACS website had been hacked.

ACS should continue to be vigilant in protecting its digital resources, ensuring the latest security measures are in place. Hackers are relentless and the next time they strike it could be a system far more sensitive and complex than a WordPress website.

In summary Hackers may not have gotten sensitive data this time. It doesn't mean they won't the next.