Last year our CEO asked if I would be interested in starting a Girls Who Code club in our local school system. He had been inspired by the Girls Who Code founder to take action and help close the gender gap in the technology industry. I was excited to jump in and work for a cause that I passionately support. As an educator, I firmly believe that encouraging all my students to share diverse opinions improves our classroom environment. I’m excited to extend this attitude to my technology career. As we encourage diversity in the technology field, we make our teams, our companies, and the industry stronger. Let’s take a look at how encouraging diversity can benefit your organization.
How do you maintain an environment that is both open and secure? Many professionals who work in education cybersecurity have to answer this question, but it seems to be a catch-22. Typically, colleges and universities value a collaborative environment. At the same time, education is unlike nearly every other industry in the sheer volume of private information IT teams must safeguard. How can cybersecurity professionals balance education values with the safety of students and faculty?
The first blog in this series discussed the importance of including information security in the strategic planning of any educational institution. In today’s blog I would like to take a closer look at the problem of data breaches in education. Cybersecurity is a big topic in the news these days. We are constantly hearing about a new vulnerability or exploit that can infiltrate software or devices. Regrettably, these attacks have led to the exfiltration of sensitive data in many forms. It’s no wonder that education IT professionals have rated information security as a top concern in many EDUCAUSE surveys. Symantec’s 2016 Internet Security Threat Report found that the cost of data breaches in education is the second highest of all industries. These organizations already have tight budgets and dealing with an attack takes away some of those already precious resources. What can you do to protect your assets? A 2016 Ponemon Institute study found the three root causes of data breaches in the education sector are: malicious attacks, process failure, and human error. Keep reading for some tips you can use to lower your chances of a data breach at your institution.
Proactive Network Threat Detection with Monitoring Software
It is important for IT professionals to know the traffic on their network top to bottom. With this in mind, having a powerful tool to break down and analyze the traffic makes that job easier. In addition, network monitoring has gone beyond optimizing network bandwidth and uptime. Insightful flow data gives security conscious IT professionals a new way to stay on top of how the network is used. With this data you can detect out-of-the-ordinary behaviors like data exfiltration or botnets before they become out-of-control problems. For more information on how we can help you get detailed information on your traffic, check out the blog Adding Context to Detection with Netflow.
Review Security Processes and Policies
We’ve all participated in drills that test the plans in place for fires and tornadoes. It is just as important to have an IT security plan in place to protect the data stored at your institution. A well thought out security strategic plan allows administrators and employees to see where they are expected to go and focus their efforts in the right direction. Unfortunately, many educational institutions do not have an up-to-date information security plan, if they have one at all. Some even claim to have a strategy to prevent data breaches in education networks, but really don’t. Creating plans and policies to promote security-conscious behaviors and protocols will help to keep your data safe from potential thieves. Some items you might want to outline in your security plan include:
- Antivirus and encryption solutions
- Access control policies
- Data backup solutions
- Policies that focus on staying up to date with security patches
Are you unsure where to start your security planning? EDUCAUSE offers many resources to assist in the creation of policies that reduce cyber risks.
Educate Students and Staff
Human error is the cause of 25% of data breaches in education. The Symantec 2016 Internet Security Threat Report lists examples of human error, which include someone leaving a computer unlocked, writing a password on a sticky note, losing a device, and behaviors that make an individual susceptible to phishing attacks. Making user education a priority can save you many headaches in the future. It is important to have a plan that includes regular education to promote awareness, along with security audits to verify that the message is being reflected in staff and student behaviors.
The data available at educational institutions are a high-value target for cybercriminals. Becoming proactive by creating a security
The Plixer team recently had the opportunity to attend the 2016 EDUCAUSE Annual Conference in Anaheim, California. Over the course of the show we got to meet with many security, network and executive teams. We listened as they shared with us the problems they are facing every day. Networking teams need efficient and timely ways to monitor the performance and saturation of their resources. Executive teams need reports to help them plan and manage the networking infrastructure. Security teams need to protect assets with the least user restriction possible. As a former educator and technology integrationist this issue resonates with me. There are so many demands on the educational IT professional and they are often working with limited resources and budgetary restraints. Our industry-leading security analytics and incident response system called Scrutinizer helps to provide efficient cybersecurity and threat visibility management for schools and universities, making the most of the resources available to you.
I was recently given the opportunity to attend the 2016 EDUCAUSE Annual Conference in Anaheim California as part of the Plixer team. For those not familiar with this event, EDUCAUSE describes itself as the “premier convening of IT professionals and technology providers across the diverse higher education landscape. The conference creates networking opportunities for colleges to share ideas regarding strategies, leading change, effective processes, what’s working, and sometimes—more importantly—what isn’t.” Attendees for this event range from hands-on network and security technology administrators to directors and CIOs. The security and network teams we spoke with were interested When speaking with executive leadership, we had robust conversations about improving student retention rates. This blog will dig into each of these topics and shed light on where Plixer offers unique value.