Higher education is tough, and not just for the people attending and sleeping through early morning classes. Most people do not and never will know about the underlying challenges institutions must tackle in the face of compliance. On top of having to deal with thousands of young, rowdy, and generally inebriated students on a daily basis, they also must comply with the many government standards that are put before them, or be forced take the brunt of costly monetary penalties and probable loss of reputation.
This is a problem that is very unique to colleges and universities, as they share characteristics of many different industries. The fact that colleges, by nature, are educational makes them responsible for complying with FERPA. Most higher education institutions have some sort of medical office set up, which thrusts upon them the duties of HIPAA/HITECH. And last, but certainly not least, we all must submit some sort of payment to the university of our choosing (likely for many years after we have graduated) so adherence to PCI DSS also becomes a major factor.
Although this may already seem overwhelming, there is much more to it.
The people that attend these institutions play a major role in increasing the difficulty of compliance with these standards, and not just because they are simply there, but because of the double standard they impose on the school. To put it frankly, colleges have an obligation to leave their networks in a much more open and vulnerable position than any other typical organization facing the same problems. For the purposes of “research,” potentially harmful or distracting sites may remain unblocked, giving intruders a possible entrance into the network. Additionally, other connecting devices such as game systems and cell phones might provide a danger.
Although STEALTHbits® doesn’t provide anti-virus software, we do bring to you a solution that can be very helpful in meeting the compliance requirements set out before you. By utilizing StealthSEEK®, our sensitive data discovery and reporting solution, we make it easy to uncover critical information that may be hiding on your network, but is accessible to anyone. For PCI DSS this can be credit card numbers, for HIPAA/HITECH, PHI, and for FERPA, PII, as well as many other nuggets of data. StealthSEEK will search your environment for these or any other designated criteria and return with a full report, allowing you to flag, copy, delete, or move files to a safer location. Securing this information and keeping it safe from theft of people who should not be viewing it is essential for safety of students and overall compliance with government standards. Simply, it must not be ignored.
Don’t miss a post! Subscribe to The Insider Threat Security Blog here:
Nate is a Marketing Manager at STEALTHbits and has worked in the IT Security industry for 5 years.