A byte-sized course in data protection for college administrators
It’s a long-held mystique: colleges and universities are often seen as secure, self-contained worlds free from the kinds of risks facing other sectors, like corporate America and government agencies. But when it comes to information security, campuses everywhere have extraordinary challenges. From compliance with regulations like HIPAA to faculty and staff training on safe digital habits, there are dozens of considerations higher-ed administrators should get a handle on.
At the heart of information security: Data.
What types? Where and how to store it? How to dispose of it? Here are four vital steps to take to secure your data.
1. Define what qualifies as “sensitive data”
Be clear and specific in laying out what constitutes “sensitive” for personnel. Create a data classification system (such as Public, Confidential, Sensitive) with clear definitions, and describe how each classification should be handled.
2. Determine where to store data—and show everyone how to comply
Some campus administrators might not explain to faculty and staff where they should safely store sensitive information. Even if they have a secure way to store data, they don’t enforce it. Often, without clear direction, personnel will choose storage locations of their own. The Cloud. Their local hard drive. A shared server. They may think they’re using a secure location, but they’re exposing your school to a possible breach. Set up a storage system with safeguards, and communicate the policy campuswide.
3. Store only what must be preserved
School records sometimes are sometimes perceived as sacred artifacts. But that’s not necessarily true. If your institution isn’t required to keep certain records, dispose of them safely. Sure, it can be time-consuming. But the less data you have on hand, the better. Follow your local laws and statutes to determine what you have to keep. And implement a procedure for safely destroying what you don’t need.
4. Hold the keys to information closely
Access to information can become sloppy over time. A staffer transfers to a different department but still has access to data from a former role. A professor leaves your school but continues to have access to record systems. Or, some employees may have access to student information because job descriptions and data access aren’t well aligned. Develop a policy that defines who should have access to which data, and monitor access as people change positions—or leave the school.
Fully protect your institution. Find out more.
Data policy is a critical consideration in cybersecurity for the Higher Ed sector. But that’s just the tip of the iceberg. Are faculty and staff regularly trained on digital habits to avoid? Is your administration up to speed on current regulations and laws governing privacy? Does your protection cover each of the seven layers of security vital to network security? Get answers to these questions and more.