Commentary: The crux of data security is about having multiple layers of defense. Answering these questions can establish a strong foundation.
Picture this scenario: An employee leaves for a family vacation and plans to do some work while being out of the office. So, they take their company laptop on the trip. But, the employee accidentally leaves it in the plastic bin at airport security before heading to the gate. Maybe they were distracted; perhaps they were running late. No matter the reason, the employee does not realize what has happened until mid-flight. In 2008, a lost laptop might have been a problem, but in 2018, it can be a crisis.
This type of event may trigger panic in many higher education leaders. After all, a lost employee laptop means the potential breach of tens of thousands of student records. Knowing the right questions to ask your CIO, IT teams and vendor partners can help quell those feelings of dismay and helplessness.
Data security has always been a priority for colleges and universities. Today it is more important than ever. Shifts inside and outside of higher education are creating new security challenges: devices that arrive on campus in greater numbers and greater variety, larger volumes of data, increased use of business intelligence and analytics, and increased “hacker” activity. In the first half of last year alone, the number of lost, stolen or compromised records grew 164 percent, according to a report from Gemalto. Once again this year, information security is the No. 1 issue in EDUCAUSE’s Top 10 IT Issues report.
I saw the growing concern over security in higher education when I led the Office of Analytics at the University of Maryland University College, and I continue to watch the effects on the institutions we work with today. What’s clear is that too often, non-IT leaders are in the dark about all the potential security risks they face.
Let’s return to the lost laptop. The crux of data security is to create multiple layers of defense. Ensuring your CIO has the right answers to the following questions can establish a strong foundation.
What are our policies for encrypting laptops?
These days, login credentials are fairly standard. You can bolster that best practice by requiring all employee laptops to be encrypted and locked when not in use. Encryption provides a formidable first level of defense.
Do we require Multi-factor authentication to log into our network?
This security measure is often used by financial institutions, email providers and even social media channels. Multi-factor authentication adds an additional layer of security where a secondary device is required to authenticate the user on the network. Even if the employee’s laptop is stolen, multi-factor authentication would require the employee’s mobile phone to be able to breach your network.
How can we remotely access laptops?
Remote access is an IT team’s fail-safe when it comes to security. If that same employee’s laptop cannot be recovered, your IT team should be able to send a remote wipe command to clear the computer of all personally identifiable information (PII) and other sensitive data.
