Following the recent data breach of individual student records at the University of Greenwich please see commentary from SailPoint, Iron Mountain and BMC Software have the following comments on how institutions can protect their sensitive data from leaking.
[su_note note_color=”#ffffcc” text_color=”#00000″]Kevin Cunningham, President and Founder of Identity Access Management Company SailPoint:
“Being exposed as unprepared and ill-equipped to minimise the damage associated with a breach is a fear of any organisation. Universities today house vastly more sensitive data, and so everyone from the executive level down needs to ensure there is a collaborative effort from internal staff to protect that sensitive information and ultimately, the health and longevity of the organisation.
“In today’s digital world, users need access to a myriad of critical systems, applications, and data in order to do their jobs. IT can only do so much to protect the internal infrastructure, but with the right tools in place to put some onus back on the employees they can help alleviate the burden. It falls to the employees and management to ensure that protecting sensitive information is of the utmost importance.”[/su_note]
[su_note note_color=”#ffffcc” text_color=”#00000″]Phil Greenwood, Director at Iron Mountain:
Following reports that The University of Greenwich has suffered a data breach, the amounting pressures imposed by the digital revolution upon educational and business establishments is becoming increasingly pervasive. Managing such personal information is difficult, especially in under resourced areas where staff may be inexperienced in information management. This is only set to become more complex with the impending EU General Data Protection Regulations and the implications that this will have.
Organisations handling personally identifiable information that may be highly sensitive in nature need to ensure that the correct processes are in place. It is key to prevent data breaches within data-driven environments.
For those concerned that they may be at risk of heavy fines and reputational damage for a similar breach, it is important to learn from mistakes and best practices of others – mitigating the risk of what may be inadvertent disclosure. We advise organisations to ensure that their formal information management policies and processes are accompanied by relevant and regular training and communication programmes for staff. This should show staff how to manage information securely and how to support a business-wide culture of information responsibility. For data protection measures to succeed, every employee and the organisation as a whole must understand what constitutes private or confidential data and how to handle it.[/su_note]
[su_note note_color=”#ffffcc” text_color=”#00000″]Jason Andrew, GP and VP EMEA, BMC Software:
If the recent ‘Privacy Shield’ partnership taught us anything, it is that we live in the age where data handling comes with significant responsibility and a higher standard of accountability. Whether you are a bank, large business or educational institution- the risks of not taking tangible steps to safeguard customer data are becoming too high.
Aside from reputational damage and a loss of trust with its students, the University of Greenwich will likely suffer financial penalties for inaction to protect sensitive student data, which is becoming commonplace in our ‘Digital Era’.
It is imperative for companies who have suffered a data breach to quickly remediate known vulnerabilities. The challenge is to discover, prioritise and fix these vulnerabilities quickly, reduce the risk of being hacked and keep customer information protected. Closing this ‘vulnerability gap’ is essential in protecting an organisations’ brand, and will also ensure continued customer confidence in the businesses’ ability to protect their sensitive information.[/su_note]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.