Contact Us

Data security in
higher education
and universities

Author: Nick Reese

While students flock to universities, community colleges and other higher learning institutions to continue their education, these same institutions are rapidly learning a lesson of their own: Data security in higher education and universities is one of the top issues facing education leaders today.

One of the first use cases for the internet was to connect educational institutions. Today, higher education thrives on online access. From connecting departments and colleagues to each other and other institutions to powering internet-connected printers to feeding students' insatiable hunger for bandwidth, higher education institutions are as connected as you can get. In addition, online classes continue to grow in popularity, while the pandemic meant that most institutions conducted the bulk of their operations completely online for months or more at a time.

As a result, security issues in higher education and universities are prevalent. According to Verizon's 2021 Data Breach Investigations Report, the education industry suffered 1,332 security incidents over the last year, resulting in 344 breaches. This made the education industry the sixth most attacked industry studied in the report.

The rapid switch to online classes during the pandemic provided opportunities for cyber criminals to use social engineering tactics on students to instigate fraudulent fund transfers. In addition, the misconfiguration of databases challenged the data security in higher education institutions by allowing hackers to install ransomware or other malware.

Data security in higher education: Solving security issues in higher education and universities with a cyber security framework

To overcome the significant issues of ensuring data security in higher education, leveraging a cyber security framework to optimize your security efforts is critical. This framework can help you implement the best cyber security practices as they pertain to security issues in higher education and universities, which can be vast and varied.

Some institutions are the size of small cities. They often provide everything from retail, healthcare and housing for students, and they may conduct sensitive government-funded research and development. Financial data, personal data and proprietary research data are spread across each department, all of which are often operated independently. In addition, many universities are still in the early stages of their digital transformations and continue to rely on on-premise, legacy applications that may be less secure than cloud-based solutions.

Your framework can incorporate all those considerations to create an approach that allows you to continuously evaluate and improve your cyber security. By creating and using a framework, you can break your cyber security issues into manageable chunks that you can then prioritize based on need, return on investment and issues like meeting government compliance.

The National Institute of Standards and Technology provides a cyber security framework that higher education institutions can use to help address security issues in higher education and universities. The framework consists of five concurrent, continuous functions:

  • Identify: Develop an understanding of your entire cyber security risks, such as systems, people, assets, data and capabilities.
  • Protect: Define and implement the safeguards required to prevent attacks and ensure the delivery of critical services.
  • Detect: Define your approach for identifying a cyber security incident or breach.
  • Respond: Define your approach for stopping and containing the damage from an attack.
  • Recover: Define your plan for restoring capabilities once a breach has been contained.

Putting a cyber security maturity model to work

A cyber security framework gives you a written set of instructions and standards for how to prevent, respond to and remediate an incident. The framework allows you to respond effectively in the event of a breach instead of trying to figure things out as you go. However, creating a framework from scratch can be a time-consuming, complex endeavor involving hundreds of stakeholders. And you have to ensure it's shared and communicated across the organization so everyone knows their responsibility.

For true data security in higher education, a maturity model is crucial. Once you define your framework, a maturity model can tell you how well your institution is meeting its goals. By scoring your cyber security maturity, you can determine your current state, communicate your goals for a more mature state, and identify the tasks or capabilities required to help reach your desired level. This ensures everyone is working from the same playbook and taking action with the same goal in mind.

A third-party security partner can help leaders improve data security in higher education by developing and executing a cyber security framework using best practices collected from across industries that are honed to help reduce security issues in higher education. In addition, a security partner can provide an evidence-based risk management program that tells you exactly where you are in your cybersecurity maturity journey, along with the steps you need to meet your maturity goals.

For more insights into how to reduce security issues in higher education, read Verizon's 2021 Data Breach Investigations Report.