FTC Safeguards Rule
Higher education institutions have large databases of personal information, and many have research facilities housing intellectual property that could have high street value. However, security measures may not always be the strongest when it comes to protecting data. This makes higher education institutions prime targets for cybercriminals. Attackers break into a school's own systems or those of an education technology company it works with, and such intrusions have become even more common due to the increase in online learning and network usage.
To protect students, professors, staff, and research, the Federal Trade Commission (FTC) created the Safeguards Rule. The FTC’s Safeguards Rule first went into effect in 2003 under the federal Gramm-Leach-Bliley Act (GLBA). The rule requires all Title IV institutions of higher education (i.e., those that process U.S. federal student aid) to comply with specific security guidelines. Now, due to recent high-profile data breaches – including nearly 70 ransomware attacks affecting more than 950 schools and colleges in 2021 alone – the FTC has made amendments to the Safeguards Rule.
What You Need to be Compliant
The new amendments state that a Title IV higher learning institution must implement a written information security program. This program is required to consist of risk assessment, system access controls, authentication and encryption, and mechanisms to ensure effective employee training and oversight of service providers. Colleges and universities impacted by the rule must also appoint a qualified individual to the security program who will ensure that all vendors also meet the requirements of the rule.
Of course, implementing changes for compliance can be expensive. Since most colleges and universities are focused on controlling costs in order to keep tuition low and attract new students, complying with the new rules – including the upfront and annual recurring costs for hiring a Chief Information Security Officer (CISO) and implementing the required measures – can really break an educational institution’s budget.
How We Can Help
At SCA, we know education is your focus, not cybersecurity. And we don’t want your education programs to suffer due to the high costs of security implementation. With our Centurion ESO Program, we become your CISO and report to your institution’s Board of Directors as required, for less than half what it would cost to manage it on your own. We are experts at this, and we can help ensure your institution is compliant and protected.
Reach out to us to schedule a consultation and learn more about our Centurion ESO Program and other advisory services. We will help elevate your security and demonstrate your compliance so that your organization can grow and thrive.