Data Storage
For Higher Education
Secure Data Storage for Higher Education
Data security is a major concern for educational institutions. Data storage and network security are vulnerable at all colleges and universities-and data breaches cost them millions. We'll provide a look at examples, explore cybersecurity policy, and discuss how educational institutions can secure their data with Ciphertex products.
Georgia Tech
In 2019, a data breach affected the personal information of 1.3 million users, including students, faculty, and other staff. The incident was caused by unauthorized access to the school's web applications.
Washington State University
In 2017, a hard drive that had been locked up was stolen, and cybercriminals were able to access information on 1.2 million users; this demonstrates the need for physical higher education data security. It also set an example of how other schools should improve their university data protection. The university paid a settlement that compensated each victim $5,000.
Michigan State University
A 2016 data security incident cost the school an estimated $3 million. It is an example of why you need data protection for your students; 400,000 student and faculty records were breached, exposing sensitive data such as Social Security numbers and access credentials. Following the incident, the school provided all affected individuals with a credit monitoring service, which it purchased for them to use at no cost.
Maricopa Community College
The Arizona institution experienced data breaches in 2011 and 2013. Hackers accessed the Social Security numbers, names, and addresses of teachers, students, and vendors, then sold these online for a profit. The 2013 breach cost the organization $26 million the first year plus lawsuits that continued for years thereafter.
The most costly item to lose in a breach is customers' personally identifiable information (PII), with an estimated recovery price of around $150 per record-this is if the breach was caused by some sort of oversight. But if the breach is the result of a malicious attack, the average cost jumps to $175 per record. For intellectual property, the average cost per record is $147.6.
Ponemon's 2020 Cost of a Data Breach Report put a $3.86 million price tag on the average data breach. While investing in security infrastructure can decrease that, the report also noted other costs such as lawsuits, stricter privacy laws, and damage to reputation that can potentially add millions to the initial cost.
Standards in Data Encryption for Universities
University data protection and privacy are not managed under one regulatory body. Data protection requirements are regulated by various entities, including:
- Family Educational Rights and Privacy Act (FERPA): Regulates the use and protection of personally identifiable information (PII), academic records, billing information, and some types of student medical records.
- Health Insurance Portability and Accountability Act (HIPAA): Various student medical records are protected under HIPAA. Records of patients who are not students but affiliated with universities are covered as well.
- Payment Card Industry (PCI) Standards: PCI compliance in higher education is a concern when financial records are exposed during data breaches; schools often face liability for the misuse of these records
- Export Administration Regulations (EAR)/21 CFR Part 11 Compliance: Applies to data security involving certain types of academic research.
Another issue is schools often lack a centralized, strong university data protection program. IT services are often run at the departmental level, by student workers under little or no supervision. All the while, risks within and outside the university are prevalent as malicious actors hunt for personal data.
Policy and Key Management
Digital security for your school should be managed under a sound cybersecurity policy. This means security encryption guidelines must be applied to all devices that handle university data. To boost school data breach protection, applied encryption technologies must be considered with the following:
- Transmission of sensitive data and passwords
- Encrypted file transfer for personal and shared storage
- Communication of data between web applications and client machines
- Encryption of remote sessions via secure protocols (i.e., SSL, SSH)
- Use of a Virtual Private Network with encrypted access to services
- Whole disk encryption for laptops, phones, and other portable devices
- File level encryption on USB drives and other types of portable media
Boosting Digital Security for Your School
You can prevent confidential data theft/loss and its financial consequences with:
Secure Data Storage: Data encryption must be implemented for all on-premise storage resources. Former staff members should not have access to servers, while private clouds or hybrid data storage solutions should be used.
Encryption Software: The application should ease cloud collaboration and support audit and control across multiple platforms. Flexible configurations allow the system to work with different user types, security requirements, and institutions.
A Secure Website: The CMS is an easy access point and provides a vast amount of information. In addition to two-factor authentication and secure virtual file transfer solutions, consider an open-source CMS that is constantly being improved. Also, consider a single sign-on system for improved access control to multiple resources.
Cybersecurity Education: Human error is the cause of most cybercrimes. In addition to a high-performance security system and comprehensive policy, continuously educate students and faculty about the latest security threats. Cover the use of strong passwords and usernames, risks of malicious attachments and links, and proper reporting of issues to IT departments.
Manage Education Portable Data Systems: Rather than allow everyone to use USB and other portable devices, which can be used to launch or support a cyberattack, teach all how to safely use their devices on campus. Permit only those with secure data encryption.
Constant Data Monitoring: A high-performance security system requires constant monitoring. It can track data to let administrators find the source of an attack. Data Loss Prevention software provides analytics, allows suspicious accounts to be blocked, and identifies policy violations for additional layers of data security.
Data Backup and Recovery: A contingency plan must always be in place, as data breaches are possible even with the best systems. Schools and universities can continue to function with a disaster recovery plan, while insurance coverage can cover the costs of data security incidents.
