Stopping Information Leaks in Higher Education
It’s the dream of many college hopefuls to get into big name universities and acquire the skills to lead successful careers. The same applies to hackers.
University servers are packed with hundreds of thousands of student and alumni social security numbers, addresses, phone numbers and more—all the necessary information for identity theft.
Aside from the goldmine of private information, university systems have been hacked to change grades and even mine for Bitcoins.
But interestingly enough, these hacking attempts aren’t necessarily the biggest threats to a university. They’re big media topics and should definitely be cause for concern, but there are larger threats out there—like the university’s own staff.
“While external attackers and their evolving methods pose a great threat to companies, the dangers associated with the insider threat can be equally destructive and insidious,” said Larry Ponemon, Founder of the Ponemon Institute. “Eight years of research on data breach costs has shown employee behavior to be one of the most pressing issues facing organizations today.”
Solving this problem isn’t about getting rid of your work-study students. It’s about tightening how a university’s information is managed. Some common security holes include:
- The use of removable storage devices (USBs, DVDs or hard drives) to store or transfer sensitive data.
- Emails with confidential content being sent to the wrong recipients.
- Unsecured files on cloud storage.
- Laptops or other mobile devices that auto-save passwords.
Anticipating employee leaks can be incredibly difficult, but there are ways to tighten IT security.
- Start by assessing the institution’s overall information strategy, including how information is received, stored, accessed, shared and destroyed.
- Is information saved in a secure repository that requires authentication before being viewed?
- Are employees only granted access to need-to-know information?
- Are records being destroyed in accordance with recordkeeping laws or university rules?
- Identify where human error can create security issues. For example, instead of sending sensitive content via email, send the location of the content within a secured repository (i.e. a hyperlink to a file stored in a document management system like Laserfiche). Even if the wrong email is entered, the recipient can’t access the file in the repository.
- Establish best practices for handling confidential information. This will create a standard that everyone can follow. It creates consistency and clarity in how to use, share and access this information.
- Routinely train employees. This goes hand-in-hand with the previous step. There’s no point in having an extensive guide if no one knows about it or isn’t updated on the latest changes. Repeated training and reinforcement will create a culture of safe information handling.
Defending against hacking attempts is definitely important, but statistically speaking, there are greater security dangers. Luckily, a university’s IT department does have a significant amount of control in preventing the more common security leaks.
Discover how Higher Education institutions around the world are using Enterprise Content Management software to maintain information security and automate many error prone processes. Download your free copy of “Quicker, Better, Safer: Higher Education“.