With students heading back to school, it is important that they are prepared to do everything they can to protect their own confidential data because as they head back, so too will the information thieves who will be looking for opportunities to steal their confidential information.
So much of the information that is stored on college and university campuses is considered highly regarded by fraudsters. Campuses, in general, also have a culture of open sharing of information, which means data is often quite easy to steal. In fact, about 11% of all data breach incidents in 2017 occurred in the education sector, according to the Breach Level Index Report by Gemalto.
Data thieves are after personal information, especially names in combination with government-issued identification numbers or financial account numbers. In a recent breach, class enrollment data (names and the last 4 digits of social security numbers from approximately 9,000 university students) was downloaded by an unauthorized user.
There are strict privacy laws and legislation affecting schools, including colleges and universities In the United States, for example, the Family Education Rights and Privacy Act (FERPA) regulates that a student’s personally identifiable information (PII) cannot be disclosed without written consent.
While institutions will have data security strategies in place, here’s what students can do to protect their data and devices.
- Safeguard all devices. Keep software up-to-date and be sure to enable automatic updates. Utilize virus and spyware protection. Shut down and restart computers at least once a week to access security updates.
- Engage with secure sites. When shopping and browsing, check that the URL starts with https:// (“S” for security) and never store payment information online. Don’t download files from risky websites.
- Be safe in common work spaces. Be aware of others, keep mobile devices close and use password-protected lock screens. Human error (losing devices, not locking them) is the cause of 25% of data breaches in education, according to an earlier report by Symantec.
- Found a USB? Take it to Lost & Found rather than plug it in to your device. It may be configured to give a hacker remote access when connected.
- Use strong passwords. Use passphrases to create long and secure passwords. Never write a password down and post it near your device. Any paper containing confidential data should be locked away
- Learn to recognize phishing scams. Never share confidential information in an email or over the phone. Do not open attachments or click on a link without checking the source.
- Avoid ‘over sharing’ on social media. Information thieves research social media websites for PII such as mobile numbers, age, school name, and identifying photos. Do not accept friend requests from strangers.
- Reconsider public WiFi. Any time you will be transmitting confidential data (shopping, banking, filling out forms for admissions), encrypt data and use a secure network.
- Don’t give away old equipment. Confidential data can remain on hard drives even after wiping them (digital forensic software can recover files). It’s important to have old hard drives securely destroyed.
Start Protecting Your Business
To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and security risk assessment.