As my previous blog highlighted, universities and colleges are facing significant cyber security challenges, in part due to the sheer volumes of personal data they process. Consequently, it’s vital they implement the stringent processes and policies needed to ensure they handle data securely and in compliance with GDPR. After all, security breaches can have serious, long-lasting repercussions for institutions: not only potential fines for failing to comply with GDPR, but also the weeks or even months it can take to put things right after an attack.
So, as higher education institutions look to strengthen their defences in the face of increasing cyber security threats, let’s look at what strategies and initiatives they can put in place to maintain the highest degrees of data protection in a changing education landscape.
Data Protection Officer
One of the most effective strategies is to establish governance for the protection of personal data. This starts by appointing a Data Protection Officer who will be responsible for ensuring that the institution maintains compliance and enforces and communicates a clear GDPR strategy across the entire community – covering both staff and students.
Although students agree to adhere to cyber security policies and GDPR when enrolling at an institution, it is likely some will fail to comply with the regulations. As such, the Data Protection Officer should reinforce the importance of compliance by communicating the risks and consequences of failing to adhere to cyber security policies, for the individual as well as the organisation, and by sharing this information across the entire student body and all employees.
Working with data management partners
It is also critical that institutions understand that ineffective and insecure storage and management of student data can severely impact the student experience long past their time with the university. As institutions are controllers of student data, they must work with technology partners like InterSystems to implement the appropriate data platforms to store and transmit both student data and other resources securely and safely.
The most effective solutions will include security based on authentication, authorisation, auditing, and encryption. The authentication capabilities will allow the institution to verify the identity of all users, while authorisation ensures that users can access the resources that they require. Additionally, auditing functions will guarantee that the institution keeps a log of user activities, predefined system transactions, and application-specific events, which the Data Protection Officer can keep on record. This can be enhanced with encryption to protect information against unauthorised viewing.
By introducing processes to test the effectiveness of the procedures they implement, and undertaking improvements as necessary, higher education institutions will be able to mitigate risk and ensure students can access personal data in a timely manner should they encounter a breach.
Protecting valuable data both now and in the future
With remote learning becoming more common and extra data being generated due to track and trace initiatives, for example, the amount of data higher education institutions are handling is only increasing. They must therefore ensure they have the right strategies, tools, and partners in place to reduce the risks, strengthen infrastructures, and protect both their business and students from growing cyber threats.