Schools and higher education institutions are a data goldmine, often collecting more sensitive information about their prospective and enrolled students, alumni and employees than private companies do about their customers. That data ranges from personally identifiable information (PII) such as addresses and social security numbers to health records and payment information. Universities and schools also frequently run massive networks across several campuses, with a high turnover rate of students and staff and thousands of individuals connecting to their online portals across a multitude of devices at all times of day and night.
It is no surprise therefore that educational institutions are prone to vulnerabilities, frequently falling victim to massive data breaches due to malicious outsiders, human error or policy blind spots. In 2019 alone, the likes of Stanford University, education software developer Pearson and Georgia Tech all suffered data breaches, with Georgia Tech revealing that a staggering 1.3 million of its records were exposed.
Data protection in the education sector poses a unique set of challenges, but by applying the right policies and tools, organizations can improve the overall security of their data and prevent major data breaches from compromising their records. Here are our three tips on how educational institutions can avoid disastrous data loss:
1. Limit the use of portable devices
USBs and other portable devices represent a weakness in many data security strategies. Data protection policies tend to focus on limiting data transfers outside a school or university’s network over the internet, but ignore the possibility of network infiltration or data loss through portable devices.
Through tools such as Data Loss Prevention (DLP) solutions, companies can implement device control policies that limit or block the use of portable devices. The use of USBs can thus be limited to trusted devices such as school-issued USBs or portable devices that enforce encryption automatically to protect sensitive data.
In this way, organizations can ensure that no suspicious or potentially infected devices connect to their institution’s network while still allowing students to use them as a way to save and transfer data securely.
2. Use cross-platform solutions with central administration
Diversity of devices and operating systems is something many educational institutions struggle with. They can control which devices are available on their campuses, including the ones freely available to students. In today’s highly digitized world, however, they must also contend with the myriad of devices, from laptops to smartphones and tablets, that their students will inevitably connect to the institution’s network or use to access school online portals.
It is therefore essential that educational institutions consider solutions with centralized platforms that can work across a number of operating systems and devices. Otherwise, they risk either creating a gap in their data protection framework that can be exploited or applying multiple niche solutions that require additional financial resources and more time and manpower to manage.
Centrally administered solutions are ideal: often requiring no more than one person to manage them, they can easily connect networks across multiple campuses. However, when it comes to operating systems, institutions should be wary of solutions that offer cross-platform coverage: they should make sure that these solutions offer feature parity across all operating systems, not just a stripped-down version of the tools available for Windows.
3. Monitor data
The biggest problem with big networks and online portals like those run by educational institutions is that oftentimes it’s hard to know where sensitive data is stored and how it moves. Data transparency is crucial for any successful data protection strategy as organizations must know what they need to protect and where it is located before they can adopt an effective data protection framework.
Educational institutions must therefore implement data protection policies that allow them to track sensitive data and find it on the network and the devices connected to it. Some DLP solutions take this a step further by allowing organizations to not only monitor and control the transfer of sensitive data, but also to delete or encrypt it when it is believed to be in a vulnerable location.
Monitoring sensitive data’s movements can also help flag suspicious behaviour such as accounts that may have been compromised or individuals attempting to steal data. It can also identify weak links in data protection policies, finding common exit points for sensitive data in a network, whether these pinpoint technical vulnerabilities or repeated mistakes made by employees or students. Data monitoring can thus support educational institutions in their data protection training efforts.