Back-to-School Cyber Security Checklist
With the new semester upon us, it’s a good time to reevaluate the way colleges and universities are securing and managing the digital information of their students, faculty, and administrators online.
For starters, we’ve noticed a few mega-trends in the higher education space with major security implications.
- Mobility—the increasing demand for secure mobile applications that run on handheld devices, and the burden it places on IT professionals to protect student and faculty data as it’s transferred from device to device.
- E-learning—the shift from paper textbooks and brick-and-mortar classrooms to online systems, content, and processes, and the management and security of those systems.
- IT Consolidation—particularly for state institutions affected by state budget cuts, the adoption of new data management models, and the new information protection strategies that must accompany them.
So how should colleges and universities tackle these challenges?
In general, authentication (particularly strong, “two-factor authentication”) is an excellent place to begin. In other words, can higher education institutions verify that someone attempting to access sensitive data—from any location—is really who they say they are?
It’s also crucial to make sure your enterprise is information-aware—that is, able to identify which data is most sensitive (e.g., academic records), and which added protections should apply.
A strong e-discovery solution should be another key priority. FERPA (Family Educational Rights and Privacy Act) and state-specific e-discovery and privacy laws place a high burden of responsibility on educational institutions to efficiently and robustly discover any digital assets that might be associated with a legal challenge or a FOIA request.
As for the Cloud—when it comes to hosted services like email, there are certainly cost savings (and often resiliency improvements, particularly for smaller institutions without a large data infrastructure), but it's incumbent upon higher education IT administrators to make sure their cloud providers offer the same rich set of security and privacy tools that they're used to seeing in their own native environments.
The reality is: There’s a very strong culture of openness in most higher education communities, and successful security strategies have to balance that expectation with appropriate data protections. It’s an ongoing challenge, and one that demands continual reassessment and fine-tuning.
Security, like learning, is a life-long pursuit.