Every year, colleges and universities fall victim to cybersecurity breaches. From stolen data to ransomware, cleaning up after a breach can be a significant drain on financial resources. A report published by IBM Security found that the average cost of a data breach for educational institutions is $3.9 million, which includes legal fees, fines, payments to victims, IT assistance, and professional services like PR for breach notifications and crisis communications.1
Data breaches are expensive and time-consuming, and failure to protect data can negatively affect an institution's ability to participate in certain federal programs. For example, colleges and universities that participate in the Federal Student Aid Program under Title IV must comply with the Gramm-Leach-Bliley Act (GLBA). The Act requires higher education institutions to safeguard the privacy and security of parent and student information. Read more about the Act in the article "Prepare for the Gramm-Leach-Bliley Act Cybersecurity Audit Enforcement," found in the Brotherhood Mutual Safety Library.
While the Act is not new, the increasing scrutiny of cybersecurity efforts and the sophistication of the types of attacks make it more important than ever to protect your data. Colleges should develop and maintain strong data security policies and internal controls to defend against unauthorized access or disclosure of private information. Don’t forget to evaluate any third-party providers you may use for services like advancement, tuition management, learning management, payment services, and others. Cyber breaches of those providers can affect your college as well.2
To protect your institution from attack and to comply with the GLBA, the Department of Education outlines the following cybersecurity requirements as found in part 314 of the Act. They are:
To accomplish these requirements, the Department of Education strongly advises institutions to follow the guidelines provided by the National Institute of Standards and Technology (NIST). The guidelines can be found in the publication NIST SP 800-171. These robust standards are designed to protect sensitive information against unauthorized use. Some of the recommended requirements include3:
As higher education faces the increasing threat of cyberattacks, protecting sensitive information is critical to reducing the threat of a costly and disruptive breach. This is true of all colleges and universities, but it is especially important for any institutions that participate in the Federal Student Aid Program. The Department of Education strongly encourages any institution that doesn’t meet current NIST standards to take steps to improve their information security.
References
Published December 28, 2020.
2024 Brotherhood Mutual