Education: How are you securing access to data?

Educational institutions provide network access to many different parties including faculty, staff, students, and contractors. In addition to having access to campus and course information, these parties may also store their own personal data on university servers. A security breach could result in a disastrous loss of information ranging from email addresses to online course materials. In addition, your school may face penalties for violating The Family Educational Rights and Privacy Act - a federal law that protects the privacy of student records. Depending on the nature of the data breach, your school may even lose federal funding for financial aid. Here are a few ways educational institutions secure their sensitive data:

  • Using VPNs - Businesses often use Virtual Private Networks or VPNs to stop prying eyes from viewing or intercepting data over a network when employees are connecting remotely. Today, many universities require students to do the same thing. This ensures data transmissions are encrypted and secure when students log in from airports, coffee shops, and other off-campus hotspots.
  • Training staff and students - Colleges and universities minimize data breaches by ensuring that teachers, staff, students, and contractors receive annual data protection training. Protection policies must be up-to-date and must reflect current university compliance protocols.
  • Hiring DPOs - It is common for educational institutions to hire a Data Protection Officer (DPO) whose sole responsibility is to prevent data breaches, improve security, investigate breaches, and train staff.
  • Purchasing cyber insurance - Given the severe financial implications associated with data breaches, many universities now have cyber insurance.
  • Conducting network security audits - Since universities handle so much sensitive information every day, it is essential that they know a) where the data is located b) what parties have access to what data and c) the dates and times data is accessed. As a result, many educational institutions are embracing the network security audit process for its ability to identify, detect, and remedy security threats.

While many people assume data breaches primarily affect big companies, educational institutions are actually a prime target. Privacy Rights Clearinghouse found that there were 19 known data breaches on educational institutions in 2016 resulting in the loss of 64,989 records. With so many different people coming and going, and accessing files and personal information on a regular basis, you can’t afford to have subpar data security at your university.