Solution Provider Offers Four Ways University CIOs, CISOs Can Strengthen Their IT Security Plans
NEW YORK, October 10, 2017 – Each time a major retailer, credit bureau or healthcare provider experiences a significant data breach, even the experts in cybersecurity circles wonder, “What could be worse than that?” According to the IT security experts at Logicalis US, an international IT solutions and managed services provider (www.us.logicalis.com), there’s a simple two-word answer: Higher Education.
“There is an urgency among the CIOs and CISOs of colleges and universities across the country to shore up their IT security measures very quickly,” says Adam Petrovsky, GovEd Practice Leader, Logicalis US. “Because of the sensitive nature of the information universities possess, when they are not adequately protected, it’s like they’re waving a red flag for cybercriminals saying, ‘This is the best data – come and get it.’”
The chief problem for institutions of higher learning is that they gather and store very diverse kinds of data – including everything from medical information to financial and credit card data – on both the student and their parents. And, of course, there are transcripts and disciplinary records, class schedules and emergency contacts as well. But colleges are also running bookstores and restaurants and infirmaries, which means they are responsible for complying with at least five major privacy-oriented regulations including the Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH), the Children’s Online Privacy Protection Act (COPPA), the Payment Card Industry Data Security Standard (PCIDSS) as well as a host of state-by-state regulations regarding data breach notifications. In fact, experts estimate that, through a single incident, a college or university could be forced to contend with as many as 100 different breach notice laws.1
Unlike enterprise organizations that can both limit access to sensitive or encrypted data and can often remotely wipe clean a device that provides that access if it is lost or stolen, universities are unable to enforce that level of compliance among their student bodies.
For institutions of higher learning, this presents more than an IT – or even a legal – conundrum. Since colleges and universities attract professors, students and donors based on their reputation, a single breach can also impact the school’s personnel, enrollment and bottom line. Today, Logicalis GovEd and IT security experts agree, the industry is at a tipping point; it’s no longer a question of “if” a university will be breached, it’s a question of “when” – and whether or not the school’s response will be adequate.
And it can happen to any school at any time. UCLA, for example, reported a potential breach of 30,000 student records when a hacker broke into a server containing students’ personal data this year. Last year, at Michigan State University, someone breached a database of approximately 400,000 records containing names, social security numbers, MSU identification numbers and other important personal information; the university determined that 449 records had been accessed before authorities were able to take the files offline just 24 hours after the incident occurred.2 And, earlier this year, when the IRS discovered a data breach involving its IRS Data Retrieval Tool – an online tool used to complete the Free Application for Federal Student Aid (FAFSA) – it revealed that as many as 100,000 taxpayers may have had their personal information compromised. In the IRS incident alone, the agency suspects that nearly 8,000 fraudulent returns were processed, resulting in a loss of approximately $30 million. A striking 52,000 fraudulent or suspicious returns were flagged by IRS filters and 14,000 illegal refund claims were stopped.3
In higher education, data breaches are estimated to cost about $300 per student record. 1 But the costs for colleges and universities is much higher than the actual dollar amount. According to consumer studies, 94 percent believe the organization itself is solely to blame for the breach. As many as 62 percent of those queried said being notified of a breach would lower their trust and confidence in the college or university. And perhaps most surprising, 39 percent of respondents said they would consider terminating their relationship with the school, while 15 percent said they actually would terminate their relationship with the organization entirely.1
If breaches can’t be entirely blocked, what can IT professionals in higher education do to prevent these kinds of disaster scenarios? The GovEd team at Logicalis US says there are four important steps that will bolster college and university cybersecurity plans.
Want to Learn More?
1 Pass or Fail? Data Privacy and Cybersecurity in Higher Education – McDonald Hopkins I Beazley
2 2016-2017 Data Breaches - Privacy Rights Clearinghouse
3 2017 Data Breaches – The Worst So Far – Identity Force
About Logicalis
Logicalis is an international multi-skilled solution provider providing digital enablement services to help customers harness digital technology and innovative services to deliver powerful business outcomes.
Our customers cross industries and geographical regions; our focus is to engage in the dynamics of our customers’ vertical markets including financial services, TMT (telecommunications, media and technology), education, healthcare, retail, government, manufacturing and professional services, and to apply the skills of our 4,000 employees in modernizing key digital pillars, data center and cloud services, security and network infrastructure, workspace communications and collaboration, data and information strategies, and IT operation modernization.
We are the advocates for our customers for some of the world’s leading technology companies including Cisco, HPE, IBM, NetApp, Microsoft, VMware and ServiceNow.
The Logicalis Group has annualized revenues of over $1.5 billion from operations in Europe, North America, Latin America, Asia Pacific and Africa. It is a division of Datatec Limited, listed on the Johannesburg Stock Exchange and the AIM market of the LSE, with revenues of over $6.5 billion.
For more information, visit www.us.logicalis.com.
Business and technology working as one
To learn more about Logicalis activities through a variety of social media outlets, click here.