Secure Moodle

Security is one of the most important features in a world losing privacy by the day, a world in the digital age where people are increasingly concerned with privacy and ensuring their information is free from prying eyes online. So, what is Moodle? Well, it stands for “Modular Object-Orientated Dynamic Learning Environment”, nearly every education institution uses this system to integrate eLearning into their courses. So, you might be thinking, who would want to hack into Moodle and steal student information? Well as it turns out, plenty of people. Moodle stores personal information of students and staff alongside many other confidential files.

So, how do you make sure this information is secure? Well, as an organisation there multiple ways to do this, which include:

First and foremost, you need to have the most updated system. This may sound super simple but backdated systems can carry major security breach risks. The older the update of the system, the more vulnerable it is, and this is the fundamental rule of most web-based systems, including Moodle. So, step 1 – maintain your systems upkeep on a regular basis.

Secondly, get your systems backed up just in case data is leaked, and the organisation can recover quickly and efficiently. So, step 2, backup and make the inevitable preventable.

Thirdly, train your staff. Systems are automated and unlikely to fail unless there’s an interference of human error. What does this mean? Well, humans who operate these systems may not have the understanding of all new risks out there, in addition to the understanding of the do’s and do not’s of ensuring success in security. Step 3, train your staff through effective courses, such as eLearning.

Demand that all students/staff have undetectable passwords, don’t just use your mother’s maiden name or something easy like “password1” (yes we’ve all been there). Instead, encourage everyone to have difficult passwords and communicate through email or in person that they need to change their passwords every 90 days.

Don’t give everyone an enhanced admin profile, some users have neither the skill set nor the discipline to ensure the security of their account, as harsh as that sounds. They may, for example, leave their online profiles logged in and left on display for prying and manipulative eyes without realising the risks of something seemingly so trivial.

Effective security, that’s just a given. The internally included security that comes along with current Moodle systems are only rudimentary firewalls, and are hardly hacker proof. A recent scandal, as reported by the BBC outlines the effects of a data breach at the University of Greenwich. Sensitive data including medical history, teaching comments and access to “21,000” email accounts were posted online, along with information that a student had a brother who was fighting in a Middle Eastern army and references were made to an asylum application.  So, stepping up security is vital. Go well beyond the basics supplied with Moodle packages.

Overall, these systems are just systems, humans need to operate them. If you want to have the best, secure Moodle system for your organisation available, then we would suggest you train your employees regularly through multiple avenues such as eLearning.

At Fresh01 we offer bespoke learning systems. Whether you’re a customer-facing organisation or a university, the upfront cost of ensuring appropriate security measures are met is often less costly than compensation payouts or fines imposed as a result of security breaches, that a company may potentially have to pay if measures are not put in place prior to cyber-attacks.