- eCampus News - https://www.ecampusnews.com -

3 steps to a better protected IT system

Top IT security best practices for educational organizations to ensure integrity of IT infrastructure

security-IT-systems [1]According to a new industry report, education is in the top three industries most vulnerable to security incidents.

That’s because schools, colleges and universities face unique requirements when it comes to the IT security of their organization. Unlike corporate or governmental security, the security of educational institutions must support a culture of openness, transparency, free access and sharing.

At the same time, educational organizations are also responsible for providing a safe and secure environment for storing, processing, and transmitting large amounts of confidential documentation, including student personal data, as well as medical, billing, or academic records.

According to the Netwrix 2014 SIEM Efficiency Survey Report [2] many weaknesses are prevalent in established security policies to prevent, or at least detect, security incidents at early stages.

Falling under the scope of various compliance regulations and facing the increasing risk of security attacks, academic institutions are obliged to ensure IT system security and must remain at-the-ready to face the scrutiny of internal or external auditors.

To protect sensitive data and assure the confidentiality, integrity, and availability of all IT systems, Netwrix Corporation–a provider of change and configuration auditing software [3]–recommends three best practices for educational organizations to reinforce their security policies:

(Next page: The 3 best practices for a better protected IT system)

  1. Establish strong privilege-management policy. In order mitigate malicious and risky activities, make sure that all changes to privileged accounts are authorized and all activities are within the scope of established policies. Regular auditing with daily summary reports and timely notifications with email alerts about all changes help in dealing with this matter. As for advanced solutions, consider video-recording privileged accounts’ activity.
  2. Restrict access to records and files. Access to systems containing protected information should be granted only to those who need it to perform their duties. Block users’ access to information if a user no longer requires it, lock user accounts after multiple unsuccessful access attempts, and monitor shared resources for availability of sensitive data.
  3. Monitor user accounts. Monitoring user accounts is one of best ways to avoid insider misuse or to detect access to personal identifiable information (PII), as well as spotting malicious changes at an early stage, says the company. Auditing user activity and account states, including creations, modifications and deletions across all IT systems, helps to avoid potentially critical changes to systems and data that may lead to security incidents. In addition, disabling accounts of former employees or students as soon as they leave the organization is a recommended best practice that helps to maintain security.

“Education is a heavily regulated industry, and a per-capita data breach cost is quite high,” said Michael Fimin, CEO and co-founder of Netwrix. “Like other organizations, academic institutions face financial and reputation losses and have to pay huge fines for non-compliance after security incidents. Sensitive data has always been the favorite treat for thieves, so there is always a risk of personal and internal data leak. Always take it one step further, and make sure that changes made across the entire IT infrastructure don’t put the data at risk.”

Material from a press release was used in this report.