What can cybersecurity teach a university about data protection?
Universities are diverse, decentralized organizations accountable for thousands of students and faculty — a combination that makes data protection as critical as it is challenging, particularly in an era of increasing digitization and virtual delivery.
Higher-ed institutions house a wide range of sensitive data, including student identities, personal account information, financial details and health care information. From students’ cell phone and account numbers to academic research findings, it’s vital that universities safeguard information with the highest level of security available. A growing number of colleges and universities are evaluating their cybersecurity measures and taking concrete steps to raise and reinforce the walls that protect student data, while simultaneously respecting privacy.
An Ernst & Young LLP (EY US) cyber team recently guided a leading West Coast institution through a cybersecurity transformation, achieving new heights of automation and vigilance so the entire university community can sleep soundly, knowing their information is secure.
Upgraded cybersecurity limits a university’s data security risk
When a leading West Coast university recognized a need to re-examine their cybersecurity and risk-management processes, EY US professionals and ServiceNow provided an integrated approach to help the institution protect its community.
The team completed a baseline study of where and by whom sensitive information was housed, identified the risks posed in each of these disparate areas and recommended controls to safeguard them. Our cyber team mobilized a governance, risk and compliance capability on the ServiceNow platform to manage risk intake, analysis, disposition and response.
The process alerted university administrators to areas of vulnerability, thoroughly assessed the challenges across more than 50 schools and implemented effective tools to protect the institution’s most sensitive information across the entire campus community.
The result for the university is an expanded safety net of rules and guidance, limited access to data by designated gatekeepers and centralized security operations.
“Universities have a responsibility to help protect the students, faculty, researchers, staff and guests that constitute the university ecosystem,” said Rob Belk, Principal, Cybersecurity Consulting, Ernst & Young LLP. “With a new system in place, students and faculty can feel confident that the university is protecting their data, so they can confidently focus their attention on learning and research.”
Universities have a responsibility to help protect the students, faculty, researchers, staff and guests that constitute the university ecosystem.
Vigilant cybersecurity management that proactively tracks risk
The university’s cybersecurity program design created new policies and governance, created staff training and a managed security operations center — aligning scattershot processes and saving university administrators time, manual effort and worry. The system is geared to protect students’ privacy by limiting access to their personal data.
- 47,000 students’ data better secured
- 20,000 employees’ data better secured
- 168% increase in effectiveness of monitoring guidelines
- 200 risk events tracked
- 16 new policies
students’ and employees' data better secured.
New dashboards were programmed for leadership so that the university can easily follow data trends and make quick decisions. The new cyber-strategy targets the danger zones: student and faculty personal information, credit cards, financial data and proprietary research data. The program maps these focus areas to existing IT assets to protect them at all levels.
“Cyber, ServiceNow, GRC, Forensics and Program Management groups worked collectively as one EY team to deliver a robust cyber program that effectively safeguards sensitive student information in an era of increasing virtual delivery,” said Jatin Rajpal, Partner, Technology Consulting Services, Ernst & Young LLP. “By optimizing functionality at the highest level of the IT infrastructure, EY continues to help the university protect data and mitigate cyber risks.”
Cyber, ServiceNow, GRC, Forensics and Program Management groups worked collectively as one EY team to deliver a robust cyber program that effectively safeguards sensitive student information in an era of increasing virtual delivery.
Vickie Papapetrou, Principal, Cybersecurity, Ernst & Young LLP and Pat Niemann, EY Americas Audit Committee Forum Leader, also contributed to this article.
Interested in the changes we have made here,
contact us to find out more.