Data Security Breaches in Educational Institutions
The recent data breach at Indianapolisbased Butler University is only one of the hundreds of breaches that have affected educational institutions in the recent past. Data security breaches have become frequent happenings, compromising the personally identifiable information (PII) of thousands of applicants, students, faculty, staff, and alumni. The Identity Theft Resource Center, a nonprofit organization based in California, reports that there were more than 50 data breaches in the educational sector in 2013. Information compromised includes social security numbers, driver’s license numbers, medical records, financial records and credit card information.
The report on the breach at Butler University says that the personnel information of more than 160,000 students, alumni, faculty, staff, and past applicants at Butler University was exposed during a data breach happened last year. The University authorities came to know about the incident only after the law enforcement officials in California have conducted an identity theft investigation. Detailed investigation of the incident revealed that the files containing names,
www.managedoutsource.com
8006702809
dates of birth, social security numbers, and bank account details were compromised.
At Maryland University, the Social Security numbers of more than 300,000 staffs, student and graduates were hacked earlier this year. Indiana University was also a victim of data breach when a staff error left information on 146,000 students exposed for 11 months. The University of Northern Iowa and the North Dakota University are institutions that had confidential information exposed.
Causes of Data Security Breaches
Security breaches in educational institutions occur due to the following reasons: •
Unauthorized acquisition and disclosure of information by hackers
•
Accidental or inadvertent disclosure
•
Employee fraud
•
Unsecured portable media
•
Lost or stolen laptops
What Educational Institutions Should Do to Prevent Data Breaches •
Shape their culture to avoid data breach
www.managedoutsource.com
8006702809
•
Demonstrate privacy and data protection issues, starting with support from the top down
•
Information security practices should take into account the decentralized nature of a university’s computing environment
•
Develop policies and procedures for personal data capture, storage, use, and disclosure
•
Develop or update policies to manage information security
•
Develop a comprehensive information security plan on the basis of established policies and procedures
•
Build a universitywide data flow map for understanding, developing, and enforcing data protection policies
Having an antimalware suite on parts of the network can help. Important data, such as grades, finances, and PII should be encrypted both at times of storage and data transfer via email, smartphones or USB sticks. Providing authenticated access for machines or systems with important data and documents is also critical. For example, student financial data should be in a different part of the network, and should be out of reach of people who do not need to access such information. Finally, educational institutions should monitor the system effectively to ensure that existing controls are operating effectively and will do what they are designed to accomplish.
www.managedoutsource.com
8006702809