Educational institutions handle large amounts of personal information and are increasingly becoming targets for cyber-attacks and data compromise. Considering managing and planning for these risks will help an educational institution better protect its students' personal, confidential and health information from a data breach, and will assist the institution in being compliant with privacy law and regulation.
Laptops, tablets and internet connected devices are now omni-present in Australia's educational institutions. Used by students, staff and the institution, these technologies provide efficiency in how the institution interacts with its student population. But the increased use of mobile devices within a network poses significant challenges for institutions – in particular, in protecting its network against infiltration, compromise or attack and in securing the personal and confidential information accessible within that network.
What are the emerging risks and how do you manage them?
- More gateways: An unsecured network made up of multiples of devices is a labyrinth of open doors for hackers into an institution's network. This risk will only intensify with the increasingly common implementation of 'bring your own device' (BYOD) policies at schools and universities. Ensure your BYOD policy prohibits non-education related activities and consider how you can actually enforce it. Without proper enforcement, even the best policies are just words on paper. Educate your teachers, lecturers and students about online risks. Most importantly, plan for a data breach and prepare an effective response. Know what to do and who to call when the inevitable occurs.
- Smarter students: Hackers are not only those external demons who wish to steal information or compromise systems. Academic fraud through internal infiltration is becoming increasingly common. Identify data which is particularly valuable to an internal intruder seeking to commit academic fraud, such as tests, assignments and results, and implement additional security measures that protects this information from compromise.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.