10 Tips for Keeping Data Secure at American Colleges and Universities

By their very nature, colleges and universities hold vast amounts of information that is transferred and shared across advanced IP, wireless and Wi-Fi networks that connect personal and institutional desktops, laptops, smartphones and tablets.

For students, professors, teaching staff and administrators this open environment enables unprecedented access to information. For cybercriminals, this equates to a treasure trove of data ready for the taking, including personal information on current and former students and employees; payment card data; health information; financial and personnel data; family and donor financial information.

With all of this in mind, Verizon’s team of security experts provides 10 tips to help IT administrators define and implement common-sense approaches to maintaining strong cyber defenses to help thwart data breaches, and protect against reputational and financial damages.

1. Require strong passwords. Passwords are the best defense. Require the use of strong passwords across the entire campus community. The Verizon 2013 Data Breach Investigations Report notes that more than 75 percent of network intrusions exploited weak or stolen credentials.
2. Protect the networks. Closely monitor traffic on all campus networks for signs of activity that might point to unauthorized access.
3. Know your data. Protecting against a data breach is impossible if campus IT administrators don’t know who has access to data, and where it is stored and used.
4. Manage data retention. Data should be classified based on its sensitivity and appropriate protection measures applied. Conduct inventories of data on desktops and servers, and purge unnecessary sensitive data.
5. Mind the third parties. Carefully control and monitor network access and activities by non-campus personnel.
6. Focus on known vulnerabilities. Know your network and the points most vulnerable to unauthorized access. Campus Wi-Fi networks and wireless access points in libraries, residence halls and other common areas are frequently overlooked points of access for data breaches.
7. Use strong access controls. Maintain vigilance when it comes to network access. Require multi-factor authentication for access to systems that contain the most sensitive personal and business information.
8. Scan, scan and scan again. Monitor system and application logs for evidence of unauthorized access, and scan networks regularly for unknown devices and IP addresses. Conduct network and penetration testing.
9. Maintain accountability. Understand your network and its typical traffic patterns. If anomalies are observed, be prepared to fully investigate and take the appropriate actions to mitigate future cyber events.
10. Respond to events quickly. Respond swiftly and decisively to network intrusions before they become a full-blown data breach. Develop and regularly test a comprehensive incident response plan.

Colleges and universities are faced with competing objectives of maintaining an open and accessible learning environment while also protecting vast amounts of data that cybercriminals consider high value. In the end, it all comes down to the fact that maintaining data security is a shared responsibility and a variety of measures should be employed to protect against breaches. Hackers will always try to exploit the weakest link in an organization. For colleges and universities, this means that they must be extra diligent in staying in front of the ever evolving threat landscape.

Refer to the Verizon 2013 Data Breach Investigations Report for insights into data breaches. Page 10 of the report’s executive summary contains a list of a list of eight recommendations to prevent and mitigate data breach incidents.