03 Jul Data security in higher education: 3 improvements to make over summer break
According to EDUCAUSE, the top issue that higher education IT administrators face currently is information security. Higher-ed institutions like universities and colleges deal with considerable, sensitive information, encompassing the personal details of students and faculty members alike. Now that malicious actors use an array of sophisticated approaches to breach systems and steal or compromise data, security must be a top priority.
The summer break between semesters is an ideal time for IT administrators and data security officers within the higher education sector to shore up their defenses and improve information protection. Here are three key areas to target with those improvements:
1) Be aware of the critical risks
Before enhancing data security capabilities within higher education IT systems, admins should ensure they’re educated about the types of data protection risks that impact their organizations. As the Center for Digital Education pointed out, there are several security issues that challenge current cybersecurity systems at colleges and universities:
- Phishing attacks, which use advanced social engineering to target particular users and encourage them to open a malicious attachment or click a link that launches malware.
- Cloud security, especially as more cloud-based systems are deployed within higher ed IT infrastructures. These platforms must have the right security protections to safeguard information stored and in transit between cloud platforms.
- Need for more robust access management has also been a challenge. Institutions must have strong controls to ensure that only authorized users can access key systems.
Other issues, including the risk of ransomware, and the use of unsecured personal devices by faculty and students on the school network also impact overall information security. With awareness and education around these risks, though, administrators can work proactively to block the specific risks that challenge their data security.
2) Understand the current infrastructure
It’s also critical that IT security stakeholders have granular visibility and a comprehensive understanding of all the systems, applications and data within their IT infrastructure. Admins can’t protect platforms appropriately if they don’t know that they exist within the infrastructure. As shadow IT concerns continually emerge, it’s imperative that admins fight this head-on, and regularly update their network and infrastructure topology maps.
Watermark contributor Anna Rudolph also recommended that admins keep an inventory of the data being collected from users and how this information is leveraged.
“This could include intellectual property, student information, and employee data,” Rudolph noted. “By identifying the kind of data you’re working with, you will be able to develop a comprehensive and proactive plan to protect each category of data.”
3) Establish a plan for responding to threats
In the current cybersecurity landscape, IT leaders should understand that it’s no longer a matter of if a cybersecurity threat will emerge, but when. For this key reason, stakeholders should also create a response plan that they can carry out when a security issue does appear.
According to the Readiness and Emergency Management for Schools (REMS) Technical Assistance (TA) Center, this plan should include reporting requirements for pertinent compliance standards, as well as contingencies to ensure that institutional learning can continue. Check out the fact sheet here for more information.
If your institution’s data security systems are ready for an upgrade, connect with our expert consultants at Pinnacle today.