Whether you are working in K-12 or higher education, information technology staff face immense difficulties when trying to protect data within their organization. Knowing where your data resides is the first step in beginning to classify and protect it. Having effective sensitive data discovery is a crucial piece of any data loss prevention (DLP) strategy.
Why do I need to worry about my sensitive data?
Working in the education sector means you are required to be informed and abide by numerous laws, compliance and regulation standards which are designed to protect the data your institution processes and stores. Some of the more common standards and regulations are:
- FERPA (Family Educational Rights and Privacy Act) – This law gives parents the ability to access their child’s records, and even some control over what information can be disclosed. Additionally, parents must have the student’s prior consent (with some exceptions) before education records can be disclosed after that student turns 18 years old. Working in the education sector means you likely have staff members storing student records and finding where they are can be a challenge.
- GLBA or GLB Act (Gramm-Leach-Bliley Act) – This law focuses on how educational institutions handle student financial information that contains personally identifiable information (PII). This includes storing and using the information, and most commonly includes student loan information, tuition payments, and grant information.
- PCI-DSS (Payment Card Industry Data Security Standard) – Much like any other organization, educational institutions must comply with PCI-DSS. This standard outlines 12 security controls designed to protect credit card and payment information. This type of data is pervasive throughout education institutions, and is often processed in bookstores, cafeterias, for student payments, and much more. The latest version of PCI is 3.2 as of this writing, with 4.0 expected in 2020.
What happens when sensitive data is stolen?
While protecting sensitive data and adhering to the various laws may seem challenging, an exposure is likely to cost several orders of magnitude more than having an effective DLP program. In 2019, Washington State University had to pay up to $4.7 million to settle a lawsuit involving the stolen personal information of 1.2 million people. They are merely one of many organizations that have had significant amounts of data stolen.
As if student and employee data wasn’t enough, many higher education institutions also have valuable research data to protect as well. This data is often spread across numerous disciplines and is the result of months or years of specialized work. Research data is highly sought after by malicious attackers, and results in very bad publicity when exposed or stolen. In early 2018, nine Iranian hackers were indicted for stealing $3 billion worth of intellectual property from universities. More than 300 universities were targeted, with nearly 150 being in the United States alone. As cyber attacks continue to ramp within the education sector, organizations must take action to find and properly manage their data.
With the staggering amount of sensitive data education institutions process and store on a daily basis, it is no wonder many organizations consider data loss prevention a key component of their security platform. But implementing and maintaining an effective program isn’t always easy. Data loss prevention and sensitive data scanning products are often priced per device being scanned, which can become very cost prohibitive in the education sector. Additionally, some license models in the assets they can scan, which can leave organizations with significant blind spots.
What is the solution?
Seeker has been tested extensively in higher education environments with extraordinary success. Furthermore, the pricing model of Seeker is friendly to organizations of any size, offering up substantial education discounts in addition to scanning an unlimited number of hosts. With the ability to scan both Windows and Mac devices, file shares, and databases; Seeker is the ideal solution for organizations looking to deep dive into data loss prevention.
Ready to start? Download a free 30-day trial to see how quickly Seeker can find where your sensitive data is hiding.
https://www.wired.com/story/2018-worst-hacks-so-far/
https://library.educause.edu/topics/policy-and-law/pci-dss
https://library.educause.edu/topics/policy-and-law/gramm-leach-bliley-act-glb-act