July 31, 2014
A rash of data breaches on campuses across the U.S. this year suggests that colleges and universities still have a lot to learn about information security.
And that’s just a few examples.
In fact, universities are considered easy targets because of their open structure and long information retention periods.
According to Privacy Rights Clearinghouse, 736 breaches have occurred in educational institutions since 2005 ranging from lost laptops with sensitive information to targeted cyber-attacks. Beyond payment data and student records, other sensitive data includes employee records, patient health information and scientific research data.
How much is it costing the institutions?
The Ponemon Institute 2014 Cost of Data Breach Study shows that education has the second highest data breach costs. In the study the per capita costs for the consolidated education sample was $294 (which was much higher than the overall mean of $145).
The 2013 Cost of Data Breach Study: Global Analysis showed that data breaches in higher education specifically cost an average of $111 per record, including damage to the institution’s reputation.
While the cost is significant, an article at chronicle.com points out that all the publicity may help IT and data security managers make their case to better protect information across the board with top administrators and trustees.
“This kind of public exposure for a high-profile breach, helps elevate the conversation out of the IT group,” said a security expert, “and into the executive level and into the boardroom.”
Making data security a boardroom concern is an important risk reduction strategy.
Here is a roundup of ways educational institutions – and all businesses – can reduce the risk of a data breach incident.
Check out the State of the Information Security Industry report for more information.