With the rise of the internet, students are more digitally connected than ever before. This has led to a notable concern for online safety, with 55% of Americans aged 18-29 having experienced some form of data theft. Universities are responsible for protecting highly sensitive data, and this is regulated by federal laws. So, how do universities keep student information secure?
Practice | What it involves |
---|---|
Minimize data collection | Reduce the amount of information collected |
Purge unnecessary records | Set retention policies and delete records after a certain period |
Encryption | Use strong encryption technology to protect information at rest and in transit |
Principle of least privilege | Assign the minimum level of access necessary to perform a job function |
Monitor user activity | Track and log all attempts to access files |
Understand the data | Know what types of data are being collected, where it lives, and who has access |
Know who has access | Create accurate and updated access rights |
Stay current | Keep up-to-date with the latest data privacy laws |
Use a VPN | Use a Virtual Private Network for university-related tasks |
Avoid unsecured networks | Do not access university-related information over a public internet connection |
Use strong and unique passwords | Passwords should include letters, numbers, and special characters |
Avoid suspicious links | Do not click on suspicious links or download files from unknown sources |
Encrypting data at rest and in transit
Encryption is a critical component of data protection: it secures sensitive information while it is in transit, in use, or at rest. Encryption is the process of transforming data into unreadable code using a cryptographic algorithm so that nobody can access it without permission. The algorithm uses secret, randomly generated keys to encrypt the data, which can then be decrypted and turned back into readable information only with the single corresponding decryption key.
Universities should encrypt data at rest and in transit. Data at rest refers to data that is stored on a server or device, while data in transit refers to data being sent over a network. Strong encryption technology should be used to protect information in both states, and universities should identify devices that store sensitive information and apply encryption at the file and disk level. In addition, universities should ensure that any sensitive information sent over a network connection is encrypted. For example, standard email does not use encryption and should never be used for sending sensitive information. Instead, universities should use secure messaging portals that employ HTTPS-encrypted websites.
AWS, for instance, provides a number of features that enable customers to easily encrypt data and manage the keys. All AWS services offer the ability to encrypt data at rest and in transit. AWS KMS integrates with most services to let customers control the lifecycle of and permissions on the keys used to encrypt data on the customer’s behalf. Customers can enforce and manage encryption across services integrated with AWS KMS through policy and configuration tools.
To protect data in transit, AWS encourages customers to leverage a multi-level approach. All network traffic between AWS data centers is transparently encrypted at the physical layer. All traffic within a VPC and between peered VPCs across regions is transparently encrypted at the network layer when using supported Amazon EC2 instance types. At the application layer, customers can choose whether and how to use encryption using a protocol like Transport Layer Security (TLS). All AWS service endpoints support TLS to create a secure HTTPS connection to make API requests.
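One way to check that both controls are actually enforced by policy is sketched below as an added example (not AWS's or the original article's code). It assumes the data lives in an Amazon S3 bucket; the bucket name, role ARN and both policies are constructed, and the audit looks for the standard `aws:SecureTransport` and `s3:x-amz-server-side-encryption` condition keys.

```python
import json

# Constructed policies for a hypothetical bucket "example-student-records".
BUCKET = "arn:aws:s3:::example-student-records"
WEAK = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:role/registrar"},
     "Action": "s3:GetObject", "Resource": BUCKET + "/*"}]}
HARDENED = {"Version": "2012-10-17", "Statement": WEAK["Statement"] + [
    {"Sid": "DenyPlaintextTransport", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*", "Resource": [BUCKET, BUCKET + "/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    {"Sid": "DenyUploadsWithoutKms", "Effect": "Deny", "Principal": "*",
     "Action": "s3:PutObject", "Resource": BUCKET + "/*",
     "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}}}]}

def _as_list(value):
    """Policy fields may hold one value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def _is_blanket_deny(stmt):
    """True for a Deny statement that applies to every principal."""
    principal = stmt.get("Principal")
    everyone = principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*")
    return stmt.get("Effect") == "Deny" and everyone

def audit_bucket_policy(policy):
    """Report whether a bucket policy (dict or JSON text) enforces TLS and SSE-KMS.

    Only Action/Condition are inspected; Resource coverage and NotAction are out of scope.
    """
    doc = json.loads(policy) if isinstance(policy, str) else policy
    result = {"tls_enforced": False, "kms_required_on_put": False}
    for stmt in _as_list(doc.get("Statement", [])):
        if not _is_blanket_deny(stmt):
            continue
        actions = _as_list(stmt.get("Action", []))
        cond = stmt.get("Condition", {})
        # In transit: every S3 action is denied when the request did not use TLS.
        transport = _as_list(cond.get("Bool", {}).get("aws:SecureTransport", []))
        if any(str(v).lower() == "false" for v in transport) and {"s3:*", "*"} & set(actions):
            result["tls_enforced"] = True
        # At rest: uploads are denied unless they request KMS-backed encryption.
        sse = _as_list(cond.get("StringNotEquals", {}).get("s3:x-amz-server-side-encryption", []))
        if sse == ["aws:kms"] and {"s3:PutObject", "s3:*", "*"} & set(actions):
            result["kms_required_on_put"] = True
    return result

if __name__ == "__main__":
    print(audit_bucket_policy(WEAK), audit_bucket_policy(json.dumps(HARDENED)))
```

The weak policy grants read access but says nothing about transport or encryption, so both findings come back false; the hardened policy adds the two Deny statements and passes both checks.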
Reducing data collection
Social Security Numbers (SSNs) are a prime example of data that universities should not collect. While many universities previously used SSNs for identification purposes, there is now no valid reason to collect this information, and the risks associated with storing it are significant. Universities should also review and remove any other data fields that are not required for a specific and legitimate business purpose.
In addition to minimizing the amount of data collected, universities should also implement policies to purge sensitive information once it is no longer needed. Standardized record retention policies should be established, specifying how long different types of records should be kept. For instance, a university might decide to retain course grades permanently for transcript generation but purge student disciplinary records a certain number of years after graduation.
By reducing the volume of data collected and stored, universities can significantly decrease the potential fallout from data breaches and better protect the privacy and security of their students and staff.
Purging unnecessary records
Universities should set standardized record retention policies that specify the length of time different categories of records should be preserved. For example, a university might decide to retain course-level grades permanently to generate transcripts, but purge student disciplinary records seven years after graduation. Similarly, retention schedules for specific types of records can be created, such as those for faculty personnel files, which must be destroyed six years after the employee leaves the university.
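The retention schedule described above can be expressed as data and evaluated by a scheduled job. The following is an added example, not code from the original article; the category names, record ids and sample dates are constructed, while the retention periods are the ones quoted in the paragraph.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Retention periods in years, counted from each record's anchor date
# (graduation or departure). None means "retain permanently".
# Category names are hypothetical; the periods are those quoted above.
RETENTION_YEARS = {
    "course_grade": None,       # kept permanently for transcripts
    "disciplinary": 7,          # seven years after graduation
    "faculty_personnel": 6,     # six years after the employee leaves
}

@dataclass(frozen=True)
class Record:
    record_id: str
    category: str
    anchor: date  # graduation date or employment end date

def add_years(d: date, years: int) -> date:
    """Shift a date by whole years; 29 Feb maps to 28 Feb in non-leap years."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        return d.replace(year=d.year + years, day=28)

def purge_date(rec: Record) -> Optional[date]:
    """Date on which the record becomes due for purge, or None if never due."""
    if rec.category not in RETENTION_YEARS:
        # No policy for this category: hold for manual review, never auto-delete.
        return None
    years = RETENTION_YEARS[rec.category]
    return None if years is None else add_years(rec.anchor, years)

def due_for_purge(records, today: date):
    """Ids of records whose retention period has ended as of `today`."""
    return [r.record_id for r in records
            if (d := purge_date(r)) is not None and d <= today]

# Constructed sample records (not real data).
SAMPLE = [
    Record("g-001", "course_grade", date(2001, 5, 20)),
    Record("d-014", "disciplinary", date(2016, 5, 15)),
    Record("d-027", "disciplinary", date(2020, 2, 29)),
    Record("f-102", "faculty_personnel", date(2018, 6, 30)),
    Record("x-900", "residency_proof", date(2010, 9, 1)),
]

if __name__ == "__main__":
    print(due_for_purge(SAMPLE, date(2024, 7, 1)))
```

Records in a category with no defined policy are held rather than deleted, so a gap in the schedule surfaces as a review item instead of silent data loss.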
In addition to minimizing the information collected, universities should also take steps to purge sensitive information when it is no longer used for its original purpose. For instance, public schools often collect documentation from parents to prove their residency in a particular school district. Once those records are validated and approved by an administrator, there may be no further need to maintain copies of the records themselves. Instead, it may be sufficient to maintain a record created by the administrator documenting that the evidence was received, reviewed, and validated.
Another example of purging unnecessary records is the destruction of admissions records following student requests to see information about the schools' reasons for accepting or denying their applications. Universities such as Yale and Stanford have taken this step to keep the comments of faculty reviewers private. While the practice has not been challenged in court directly, it may be subject to legal scrutiny in the future.
Using secure networks
Universities have a responsibility to protect student information, which is often highly sensitive and can include financial and medical data. With the rise of the internet, students are more digitally connected than ever, and online safety is a notable concern. Universities can help students protect their information by encouraging them to use secure networks.
Students should be encouraged to use a Virtual Private Network (VPN) when accessing university information. A VPN keeps information private and secure. Universities should provide specific information about how to access and use the VPN.
Students should be warned about the dangers of using public Wi-Fi. Public Wi-Fi is often unencrypted, and information sent over these networks can easily be intercepted. Students should be advised not to send sensitive information over public Wi-Fi and to avoid using file-sharing apps or programs on public networks.
Students should also be advised to use only approved cloud storage and email services. These services are carefully vetted by the university to ensure that student data is secure.
Creating strong passwords
Length:
A strong password should be at least 12 characters long, with longer passwords being more secure. Aim for 14 characters or more if possible. The longer your password is, the harder it will be for someone to guess or crack.
Complexity:
A strong password should include a mix of uppercase letters, lowercase letters, numbers, and symbols. This makes it much more difficult for someone to guess or brute-force. Avoid using common words or phrases, personal information, or easily identifiable details like your name, birthday, or pet's name.
Uniqueness:
It's important to use a unique password for each of your accounts. This way, if one account is compromised, your other accounts will still be secure. A password manager can help you generate and store unique passwords for multiple accounts.
Memorability:
While complexity is important, it's also crucial that you can remember your password. Consider using a memorable phrase or sentence with numbers and symbols interspersed. For example, "6MonkeysRLooking^" or "HorsePurpleHatRunBay". You can also use spaces before or between words in your passphrase to make it more secure.
Password Management:
Using a password manager is a secure way to store your passwords. These tools can generate complex passwords, store them securely, and even auto-fill them when needed. If you prefer a more analogue approach, it's okay to write down your passwords, but be sure to keep them in a safe place, not near the device or account they are used to access. Alternatively, you can write down password hints instead of the actual passwords.
Regular Updates:
It's a good idea to change your passwords regularly, especially if you suspect that an account has been compromised. This helps to maintain the security of your accounts and prevent unauthorized access.