As cyberattacks continue to rise, higher education institutions are building cultures of privacy and security to protect faculty and student data

Protecting one of higher ed’s greatest assets: Student data


As cyberattacks continue to rise, higher education institutions are building cultures of privacy and security to protect faculty and student data

While Data Privacy Week has concluded, the awareness it spread came not a minute too soon, as the higher education ecosystem finds itself in critical discussions about data security as the number of compromising attacks continues to rise.

Two years ago, it would have been difficult to imagine the level of complexity in a university’s infrastructure and network operations that exists today because of the pandemic’s immense influence on higher education.

Usage of education technology has increased dramatically, helping higher education to continue to educate their students virtually but putting them under the spotlight of users and regulators alike. Students and families want to know that they can trust their institutions to keep personal information safe as the adoption of new technologies increases.

While higher education technology teams continue to evaluate the right actions to protect their institutions, the following best practices may be helpful to consider. 

  1. Operating with transparency around data utilization creates trust with students and staff.

Institutions have seen a recent surge in criticism from users, including students and student organizations, around the various education technologies that penetrate the overall higher-ed experience. One of the most important ways to address this criticism is through transparency. Personalization, data analytics and data privacy do not have to be mutually exclusive. They can coexist if designed with privacy in mind. When implementing a new tool that collects student data, institutions should consider providing the right level of visibility for users into what this technology is and what type of information it collects. Colleges and universities can also communicate to students how they are approaching new technologies with a privacy-first perspective to create peace of mind and a sense of confidence in their level of trust with the chosen vendor.

  1. Establishing formal vendor risk assessment processes will help detect technology vulnerabilities and access points.

The procurement process for both renewals of existing software and the adoption of new technologies has traditionally focused more on capabilities and less around safeguards for security and privacy. To combat any potential data vulnerabilities when adopting new solutions, institutions are increasingly conducting in-depth reviews of all components that interface or have access to student and faculty information.

Developed by EDUCAUSE’s Higher Education Information Security Council (HEISEC), the Higher Education Community Vendor Assessment Tool (HECVAT) is an example of a formal framework created to help institutions assess their vendor risk. Whether using the HECVAT framework or another assessment method, institutions that prioritize a comprehensive review of all solutions handling student data can catch the underlying hooks that may also expose them to vulnerabilities.

  1. Staying up to date on new state regulations strengthens privacy practices.  

At the state level, regulations on privacy and security for student and teacher data in higher education have begun to take effect, and they are spreading across the country. It’s becoming more typical for states to establish legislation requiring institutions to go through these vendor risk assessments and selecting certified vendors before implementing technologies that will utilize student data to drive their success. As an example, Texas recently established a new rule that requires higher ed institutions and public community colleges to undergo a stringent authorization process when implementing cloud-based technologies for both new and existing contracts. Closely following privacy and security legislation and preparing for them in advance can help institutions stay ahead when it comes to student and faculty data privacy.  

  • Creating a culture of privacy and security

While following best practices is important, educating students and faculty about security and data privacy is proven as one of the most effective methods in creating trust and thwarting attacks. Ultimately, students and faculty own their data and are key contributors in creating a holistic culture of protection. With buy-in from all users as stewards of good data practices and rigorous privacy and security standards in place, institutions can focus on the benefits of new technologies with confidence in their ability to effectively mitigate risk. 

eSchool Media Contributors