Keep your data protected with security solutions for Education

Audit your digital footprint

Data breaches are nothing new – in fact, the rate of attacks has swelled in recent years, with over 14.5 billion data breaches recorded since 2013. What makes that figure so surprising is that only 4% of the breaches were considered ‘secure’, meaning encryption was used.

Despite the news being littered with high-profile breaches of organizations like the UK’s National Health Service and the US’s Equifax, smaller entities are just as at risk, and it raises serious concerns about the security of schools and universities in particular.

In 2018, the University of Greenwich was breached, with 19,500 students’ personal data posted online – and these incidents are being more common around the world. What makes it even more concerning for the Middle East is that region has the second-most expensive breaches globally, averaging $5.1 million. 

So how can schools and universities in the Middle East address this growing threat – especially as figures from InfoWatch reveal attacks on Middle East entities are primarily interested in “national strategic plans, know-how and university test papers”?

Even the smallest step forward is a good start, and that could involve something as simple as a digital audit. The first question they should ask is whether their digital service provider is both locally based and engineers its equipment with security front-of-mind. Beyond that, the audit can involve questions such as:

• Is there a school/university staff member who is in charge of managing privacy and potential data breaches?
• Are staff aware of what ‘personal information’ entails – i.e. do they understand the region’s privacy laws?
• Does the school/university deploy regular training about data security?

Employ stricter regulations around personal data and exams

Such an audit is only meant to be a starting point. Once those questions have been answered, the education provider will have a more complete overview of the state of their data security practices, and know where gaps must be plugged.

Importantly, there must be a plan in place for potential data breaches and internal leaks – especially as InfoWatch figures reveal 68.4% of all data breaches globally are caused by human error.

Nominate a staff member – preferably the person in charge of the school’s data security – to draw up a Data Breach Response Plan (DBRP). This should outline all potential threats, the obligations of school staff, and include best-practice plans to respond to any breaches or leaks.

The objective of the DBRP should be to:

• Identify, contain and respond to any data breaches or leaks as quickly as possible.
• Help reduce the potential harm to impacted individuals or entities.
• Document all processes and outline multiple response plans, according to various threats.
• Nominate staff to specific roles and responsibilities, and clarify reporting lines and authority levels in the event of a breach or leak.
• Identify the staff responsible for leading and managing the response plan.

Limit access to staff and students

Once a plan is in place, it’s time to focus on implementing rules and regulations about hardware, software and access to secure sites. A swipe-card system that only allows authorized individuals access to the print room, for example, is a simple solution that massively raises security standards.

Similarly, with the inherent risks associated with university and school data, an all-in-one print, scan and document management solution such as Canon’s uniFLOW can achieve a similar function: by restricting access to sensitive data.

The uniFLOW software ‘reads’ the content requested for printing and reveals whether it contains sensitive material. The printing process is initially blocked so that the IT department can be alerted to the print job. Depending on the user’s permissions, the print will be approved or denied – meaning the risk of examination papers being leaked, for example, is reduced.

In all things, schools must take a holistic approach to their data security so they can quell the growing threat of both external breaches and internal leaks.