Close Menu
Trending
Higher ED

Strengthening Website Security in Higher Education: Lessons from the FTC’s GoDaddy Settlement

Josephine Law, FIP, CIPP/US, CIPMBy Updated:No Comments2 Mins Read
The logo for GoDaddy is displayed on a computer screen on Thursday, Jan. 16, 2020, in New York. The Federal Trade Commission said Wednesday, January 15, 2025, that GoDaddy had failed to protect customers from security threats. AP Photo/Jenny Kane © AP Photo/Jenny Kane
© AP Photo/Jenny Kane

The Federal Trade Commission’s proposed settlement with GoDaddy has implications for businesses and higher education institutions. With increasing reliance on web hosting providers for student portals, learning management systems, and alumni engagement platforms, colleges and universities must prioritize security when selecting and managing these services.

Here are four lessons from the GoDaddy case that higher education institutions should consider:

Evaluate Your Hosting Provider’s Security Practices

In the context of higher education, sensitive data—such as student records, financial information, and research data—must be protected. Institutions should ensure their hosting providers:

  • Encrypt sensitive information, both in transit and at rest.
  • Implement strict access controls to protect administrative and user accounts.
  • Regularly monitor and log access to critical systems, like student portals or admissions platforms.

As stewards of student and faculty data, higher education institutions must demand transparency from vendors about their security practices.

Enforce Multi-factor Authentication (MFA)

Universities frequently manage accounts for thousands of students, faculty, and staff. Implementing MFA for web hosting platforms and campus-wide systems is critical in preventing unauthorized access to accounts. If your hosting provider doesn’t offer MFA, it’s a sign that their security measures may not align with the needs of a modern institution.

Regularly Audit Third-Party Vendors

Higher education institutions often work with multiple vendors for hosting, LMS platforms, and research systems. Regular security reviews are crucial to ensure compliance with regulations like FERPA, GDPR, and HIPAA (for health-related programs). Request vendor certifications, such as SOC 2 Type II or ISO 27001, to verify their adherence to industry standards.

Learn from Real-World Consequences

The risks of lax data security are significant in higher education, where breaches can impact students, staff, and alumni. From phishing attacks targeting students to compromised alumni donation platforms, the stakes are high. Proactively addressing these risks with strong vendor management practices can protect institutional reputation and community trust.

As technology transforms higher education, institutions must stay ahead of evolving cyber threats. By selecting secure hosting providers, enforcing MFA, and conducting regular audits, universities can safeguard sensitive data and maintain the trust of their stakeholders.

The FTC’s guidance offers an opportunity to reflect on current practices and take proactive steps to mitigate risks. Read the FTC’s blog post here for more insights.

Senior IT Risk Analyst, Information Security and Assurance | Fordham University Certified Information Privacy Professional/United States (CIPP/US) and Certified Information Privacy Manager (CIPM) with a strong background in IT risk, privacy, and security. A versatile writer with experience in technical, policy, marketing, and social media content, blending expertise in business writing with communications and academics. Creative, resourceful, and adaptable, with a strong work ethic, a positive attitude, and a sense of humor.

Related Posts