Back to School: Is your student data safe?
Families everywhere are preparing their students to go back to school, and the schools themselves are preparing themselves for the student invasion. But are schools prepared for the student data security challenges? Anyone who has a student knows that sensitive data, such as social security numbers and birth dates, are required for the simplest transactions to function, from a grade school student’s online lunch money payment to a college student’s financial aid.
Schools and universities have had varying success keeping this data secure.
In June of 2013, Champlain College in Burlington, Vermont, endured negative publicity when years’ worth of sensitive student data was found on a loose flash drive, left unattended in a school computer lab. More than 14,000 records from students, dating back three years, had been copied onto the small, removable USB drive. The person who copied the data apparently forgot the flash drive, and it lay unnoticed in the computer lab for two days until a student discovered it and turned it in. The college has since updated its policies and forbidden its staff from copying sensitive data onto removable drives.
But is that the best answer?
So many companies and organizations handcuff their employees by forbidding them from using the easiest and most effective ways to move data, rather than focusing on securing loose data drives once they are in use.
Securing hard drives, external drives, flash drives
Rather than forbidding the use of removable drives, what about a system for tracking them, and a method for wiping them that is so simple and convenient everyone will make it a habit to secure and clean loose media? If you are a school, college or university using flash drive, external hard drive backups, servers with removable hard drives, or any other drives that can accidentally be left sitting around, do your students a favor and institute an onsite data destruction plan that becomes a habit.
Students, parents can push for change
If you suspect your student’s data is not being handled safely, contact the administration at the school, college or university to voice your concerns. You can take precautions by choosing not to provide social security number and date of birth unless they are required. When typing sensitive information into an online form, make sure the internet web address begins with “https” instead of “http.” This is an indication that the page you are using is on a secure server. Don’t be shy about asking if the data is encrypted, or if it ends up in unsecured email.
Onsite data destruction
Onsite data destruction is the best defense against loss of private data from loose media, retired desktops, laptops, POS terminals, mobile devices, flash drives, and failed server hard drives. At many colleges and universities, student workers make up a significant part of the IT workforce. Data destruction should be as easy as dropping drives, disks, and media into a secure bin on the way out the door. Even a college student running on four hours of sleep can do that!
Meet Tear-A-Byte®, TechR2’s solution to secure onsite data destruction. TechR2′s Tear-A-Byte® solution utilizes leading edge technology, providing secure containment and onsite data destruction with our NSA certified degausser.
For each project you will receive a serial number report and a certificate of destruction to store for future audits. This is critical in case of a suspected data breach. For state-funded institutions, it is even more critical to have a paper trail to prove your compliance with data security measures.
More complex jobs can take advantage of TechR2’s more advanced systems.
Are your hospital’s executives ignorant of the risks of data stored on flash drives, hard drives and other loose media? Be kind and inform them of recent court cases, and present simple and effective solutions such as the TAB®. Information about compliance with HIPAA and other federal guidelines governing data privacy can be found here.