

Protecting Student Data: Improving Cyber Security in Academia

09 February 2016


Academic institutions face the unique challenge of fostering an open learning environment while maintaining the confidentiality, integrity, and availability (the CIA triad) of their data. This responsibility lies not only with the head of information technology (IT), but also with heads of school, assistant heads of school, and board trustees. It also lies with every member of the academic community, including students, teachers, and administrative personnel. Cyber security is a team sport, and this is particularly true and appropriate in an academic environment.

Some of the academic institutions that we have talked with don’t realize that they are targets of hackers. There are dozens of K-12 and higher education data breaches across the US each year. The hackers rely on the fact that most of these organizations have done very little to harden their technology, implement robust policies, or educate their employees and students on basic cyber security awareness. Some examples of academic data breaches that occurred in 2015 include:

  • North Oldham High School in Kentucky had to alert 2,800 current and former students that a data breach in September could have exposed their names, social security numbers, and other personal information. The hacker was able to gain access through a successful phishing email directed at an administrative employee.
  • A student at Monroe High School in Michigan was charged with hacking the school district’s computer system and disrupting Internet service several times over a two-week period.

So if you are the head of IT or in another leadership role, how do you protect your data given your unique and sometimes challenging operating environment? There is no single answer or panacea. Organizations that have developed, implemented, and now operate robust data protection use a combination of defense mechanisms (known as defense in depth). These mechanisms span the three pillars of cyber security: policy, people, and technology. The activities in each pillar can and should be tailored so that the academic mission is not inhibited while the institution’s data is protected. Every business decision involves tradeoffs, and this holds true in cyber security. Part of our role is to develop a deep understanding of our clients’ environments so we can provide objective, trusted advice that meets their unique requirements and helps them keep their data safe and secure.

In addition to traditional IT requirements like email, file sharing, and collaboration, academic institutions also must develop strategies for emerging technologies. These could include bring your own device (BYOD), social media, and cloud computing. These technologies present new challenges for organizations and opportunities for bad actors to exploit them. Students and faculty typically want to be on the leading edge of using these new technologies but the organization may not be ready to safely implement them. We find that our initial IT security-focused assessment conversations often morph into conversations that wind up including IT architecture assessments and recommendations that include these new technologies.

COMPASS has developed a methodology that combines the discipline of project management with the latest cyber security technology and data protection best practices to perform comprehensive and cost-effective assessments. This methodology enables our clients to address their cyber security needs cost-effectively and supports our vision of shifting the world’s data to be safe and secure.

In today’s hyper-connected world, every organization is just one data breach away from being a leading story in the news and on social media, which can severely damage reputation and brand. Find out how to protect your institution. Contact COMPASS to learn more about our methodology and service offerings and how they can help your organization develop a robust cyber security ecosystem.

 
