The Obama administration on Feb. 12 released its long-awaited cybersecurity framework as colleges and universities struggle in the fight against a barrage of cyber attacks that have compromised millions of pieces of personal data.
The White House’s cybersecurity framework, roundly criticized by privacy rights groups for a host of watered-down provisions, was meant to provide digital security basics for small businesses to corporations to college campuses.
The Department of Commerce’s National Institute of Standards and Technology (NIST) consolidated input from the private and public sectors in creating the cybersecurity framework’s set of standards, best practices, and guidelines.
The high level summary of the White House’s cybersecurity framework includes the following: Identify, protect, detect, respond, recover.
The tiered approach included in the cybersecurity framework is meant to allow organizations and universities to more easily assess risk management in protecting data.
Colleges and universities of every size have reported a spate of data breaches and cybersecurity attacks over the past year, causing consternation among students, faculty, and parents whose private information is stored on campus servers.
More than half of colleges and universities transmit various kinds of sensitive information – including financial details – over unencrypted channels, according to a survey conducted by HALOCK Security Labs, a security firm based in Illinois.
One-fourth of the 162 institutions included in HALOCK’s survey said they advised students and parents to send personal information – including W2 documents – via eMail.