The first blog in this series discussed the importance of including information security in the strategic planning of any educational institution. In today’s blog I would like to take a closer look at the problem of data breaches in education. Cybersecurity is a big topic in the news these days. We are constantly hearing about a new vulnerability or exploit that can infiltrate software or devices. Regrettably, these attacks have led to the exfiltration of sensitive data in many forms. It’s no wonder that education IT professionals have rated information security as a top concern in many EDUCAUSE surveys.
Symantec’s 2016 Internet Security Threat Report found that the cost of data breaches in education is the second highest of all industries. These organizations already have tight budgets, and dealing with an attack takes away some of those already precious resources. What can you do to protect your assets? A 2016 Ponemon Institute study found that the three root causes of data breaches in the education sector are malicious attacks, process failure, and human error. Keep reading for some tips you can use to lower your chances of a data breach at your institution.
Proactive Network Threat Detection with Monitoring Software
It is important for IT professionals to know the traffic on their network from top to bottom, and a powerful tool that breaks down and analyzes that traffic makes the job easier. Network monitoring has also gone beyond optimizing bandwidth and uptime. Insightful flow data gives security-conscious IT professionals a new way to stay on top of how the network is used. With this data you can detect out-of-the-ordinary behaviors like data exfiltration or botnets before they become out-of-control problems. For more information on how we can help you get detailed information on your traffic, check out the blog “Adding Context to Detection with Netflow”.
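To make the flow-data idea concrete, here is an added example (not from the original post or from any vendor product) that flags internal hosts whose outbound volume to external addresses is far above their own history. The record layout, the 10.0.0.0/8 campus range, the thresholds and all sample flows are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from statistics import median

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: campus address space

# Constructed flow records: (day, src_ip, dst_ip, dst_port, bytes)
FLOWS = [
    (1, "10.1.4.20", "203.0.113.10", 443, 40_000_000),
    (2, "10.1.4.20", "203.0.113.10", 443, 55_000_000),
    (3, "10.1.4.20", "203.0.113.10", 443, 47_000_000),
    (4, "10.1.4.20", "198.51.100.7", 443, 2_900_000_000),  # unusual upload
    (1, "10.1.9.31", "203.0.113.10", 443, 300_000_000),
    (2, "10.1.9.31", "203.0.113.10", 443, 280_000_000),
    (3, "10.1.9.31", "203.0.113.10", 443, 310_000_000),
    (4, "10.1.9.31", "203.0.113.10", 443, 330_000_000),
    (4, "10.1.9.31", "10.1.0.5", 445, 9_000_000_000),  # internal transfer, ignored
    (4, "10.1.7.77", "198.51.100.7", 443, 800_000_000),  # host with no history
]

def outbound_by_host_day(flows):
    """Sum bytes sent by internal hosts to external destinations, per day."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, src, dst, _port, nbytes in flows:
        if ipaddress.ip_address(src) in INTERNAL and ipaddress.ip_address(dst) not in INTERNAL:
            totals[src][day] += nbytes
    return totals

def flag_outliers(flows, today, ratio=10, min_bytes=500_000_000, min_history=3):
    """Return {host: reason} for hosts whose outbound volume today is anomalous."""
    alerts = {}
    for host, per_day in outbound_by_host_day(flows).items():
        sent = per_day.get(today, 0)
        if sent < min_bytes:
            continue  # small transfers are not worth an analyst's time
        history = [v for d, v in per_day.items() if d < today]
        if len(history) < min_history:
            alerts[host] = "no baseline"  # large upload from a host never seen before
        elif sent > ratio * median(history):
            alerts[host] = f"{sent / median(history):.0f}x baseline"
    return alerts

if __name__ == "__main__":
    print(flag_outliers(FLOWS, today=4))
```

Comparing each host against its own median keeps a consistently busy server from alerting while still catching a normally quiet workstation that suddenly uploads gigabytes.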
Review Security Processes and Policies
We’ve all participated in drills that test the plans in place for fires and tornadoes. It is just as important to have an IT security plan in place to protect the data stored at your institution. A well-thought-out strategic security plan allows administrators and employees to see where they are expected to go and to focus their efforts in the right direction. Unfortunately, many educational institutions do not have an up-to-date information security plan, if they have one at all. Some even claim to have a strategy to prevent data breaches in education networks, but really don’t. Creating plans and policies to promote security-conscious behaviors and protocols will help to keep your data safe from potential thieves. Some items you might want to outline in your security plan include:
- Antivirus and encryption solutions
- Access control policies
- Data backup solutions
- Policies that focus on staying up to date with security patches
Are you unsure where to start your security planning? EDUCAUSE offers many resources to assist in the creation of policies that reduce cyber risks.
Educate Students and Staff
Human error is the cause of 25% of data breaches in education. The Symantec 2016 Internet Security Threat Report lists examples of human error, which include someone leaving a computer unlocked, writing a password on a sticky note, losing a device, and behaviors that make an individual susceptible to phishing attacks. Making user education a priority can save you many headaches in the future. It is important to have a plan that includes regular education to promote awareness, along with security audits to verify that the message is being reflected in staff and student behaviors.
The data available at educational institutions are a high-value target for cybercriminals. Becoming proactive by creating a security