IT Security Best Practices for Educational Organizations
IRVINE, CA, November 18, 2014 – Schools, colleges and universities face unique requirements when it comes to the IT security of their organization. Unlike corporate or governmental security, the security of educational institutions must support a culture of openness, transparency, free access and sharing. At the same time, educational organizations are also responsible for providing a safe and secure environment for storing, processing, and transmitting large amounts of confidential documentation, including student personal data, as well as medical, billing, or academic records.
The Netwrix 2014 SIEM Efficiency Survey Report found that education is among the top three industries most vulnerable to security incidents, revealing weaknesses in the established security policies meant to prevent, or at least detect, security incidents at early stages. Falling under the scope of various compliance regulations and facing the increasing risk of security attacks, academic institutions are obliged to ensure IT system security and must remain at the ready to face the scrutiny of internal or external auditors.
To protect sensitive data and assure the confidentiality, integrity, and availability of all IT systems, Netwrix Corporation, the #1 provider of change and configuration auditing software, recommends the following three best practices for educational organizations to reinforce their security policies:
- Establish a strong privilege-management policy. In order to mitigate malicious and risky activities, make sure that all changes to privileged accounts are authorized and all activities are within the scope of established policies. Regular auditing with daily summary reports and timely notifications with email alerts about all changes help in dealing with this matter. As for advanced solutions, consider video-recording privileged accounts’ activity.
- Restrict access to records and files. Access to systems containing protected information should be granted only to those who need it to perform their duties. Block users’ access to information if a user no longer requires it, lock user accounts after multiple unsuccessful access attempts, and monitor shared resources for availability of sensitive data.
- Monitor user accounts. Monitoring user accounts is one of the best ways to avoid insider misuse, to detect access to personally identifiable information (PII), and to spot malicious changes at an early stage. Auditing user activity and account states, including creations, modifications and deletions across all IT systems, helps to avoid potentially critical changes to systems and data that may lead to security incidents. In addition, disabling accounts of former employees or students as soon as they leave the organization is a recommended best practice that helps to maintain security.
“Education is a heavily regulated industry, and a per-capita data breach cost is quite high. Like other organizations, academic institutions face financial and reputation losses and have to pay huge fines for non-compliance after security incidents. Sensitive data has always been the favorite treat for thieves, so there is always a risk of personal and internal data leak,” says Michael Fimin, CEO and co-founder of Netwrix. “Always take it one step further, and make sure that changes made across the entire IT infrastructure don’t put the data at risk.”
About Netwrix Corporation
Netwrix Corporation, the #1 provider of change and configuration auditing solutions, delivers complete visibility into who did what, when, and where across the entire IT infrastructure. This streamlines compliance, strengthens security, and simplifies root cause analysis. Founded in 2006, Netwrix is ranked in the Top 100 US software companies in the Inc. 5000 and Deloitte Technology Fast 500. Netwrix software is used by 160,000 users worldwide. For more information, visit www.netwrix.com.