In her blog post below, Citrix Intern Jiun Hong gives us an inside view of security concerns in the Education Sector. She has woven personal anecdotes together with a great deal of industry research to provide a rich view of security risks that students and their families do not even realize that they face. In order to accommodate the entire article, we have broken it into two parts. This is Part 1 of Jiun’s two-part series.
It was the night before college entrance applications were due. I had spent countless hours over the course of several weeks sitting alone in my room, pondering the task before me, jotting down ideas on pale yellow sticky notes, crumpling up rough drafts and furiously rewriting on my clunky home desktop. It was what seemed like an endless cycle of attempts to distill my world, my personality and my aspirations—basically my entire being—down to less than 1000 words.
After an exhaustive effort drafting my personal statements, it was finally time to bite the bullet and submit. After uploading my “pick me!” manifesto, the system requested my parents’ credit card number for the application fee and my social security number for financial aid considerations. The application for financial aid asked for my dad’s social security number, my mom’s savings balance and my sister’s annual income. Compared to the eons I’d just spent on writing my personal statement, I spent only a blip considering how secure sending this data would be. In the moment when those bits of information seemed like the mandatory roadblocks standing between me and the “submit application” button, I didn’t care.
Though institutions collect this sensitive information for good reasons, universities on the receiving end must not be capricious about the dangers of security breaches. There is an array of at-risk information—our information—in educational institutions that deserves our attention.
Personally Identifiable Information (PII)
Students, during the application process, are prompted to provide everything from GPAs and SAT scores to permanent addresses and criminal histories. Birth dates, social security numbers and credit card numbers are more of the many bits of personal information students are asked to hand over during the application phase, even before an official relationship has even formed between the student and the institution. This means that schools end up holding a wealth of personal data about people who don’t ever enroll in their school. If this kind of information got in the wrong hand, it could mean identity theft on a massive scale.
Educational institutions are the hubs of research, with young minds pouring ideas into new fields every day. Because the entire sector upholds a culture of collaboration, sharing data occurs on campus, of course, but also outside of school gates, on personal devices connected to unprotected networks. Students and faculty using personal laptops to unsecurely input data and send major findings adds fuel to the risky fire of data breaches. Often times, the intellectual property that a university cultivates and releases as its own comprises a big part of the institution’s value. Losing this kind of data could be catastrophic, from potential losses in post-doc jobs to intellectual ownership.
Often times, people only care about the university you attend based on its reputation, namely, if they’ve heard of it, because that must mean it’s a good school, right? If people know the name of an institution just because it was on the news for getting hacked, that diminishes the reputation of the school. Both the willingness of students to apply to a school and the ease with which parents entrust their children to that institution will be affected by reputation .
If the pitfalls of a data breach don’t seem serious enough, let the numbers do the talking. Based on a number of examples, a university can spend about $111 per breached record, 700 hours of paid staff time, $75,000 on an information call center, $2.25 million for network reparation, $2.7 million in legal fees, $7 million on credit-monitoring services. A financial loss as big as this could mean less funds for scholarships, student organizations, school events—all things that students rely on to be available.
Watch for Part 2 of this blog post coming soon. It will include more information about a host of additional security-related topics in the Education Sector ranging from medical records and risk management to managing user privileges and malware prevention.
Follow Citrix Solutions for Financial Services and Insurance on Twitter.