Why cybersecurity should be required reading for higher education

Universities are diverse, decentralized organizations accountable for thousands of students and faculty — a combination that makes data protection as critical as it is challenging, particularly in an era of increasing digitization and virtual delivery.

Higher-ed institutions house a wide range of sensitive data, including student identities, personal account information, financial details and health care information. From students’ cell phone and account numbers to academic research findings, it’s vital that universities safeguard information with the highest level of security available. A growing number of colleges and universities are evaluating their cybersecurity measures and taking concrete steps to raise and reinforce the walls that protect student data, while simultaneously respecting privacy. 

An Ernst & Young LLP (EY US) cyber team recently guided a leading West Coast institution through a cybersecurity transformation, achieving new heights of automation and vigilance so the entire university community can sleep soundly, knowing their information is secure.

When a leading West Coast university recognized a need to re-examine their cybersecurity and risk-management processes, EY US professionals and ServiceNow provided an integrated approach to help the institution protect its community.

The team completed a baseline study of where and by whom sensitive information was housed, identified the risks posed in each of these disparate areas and recommended controls to safeguard them. Our cyber team mobilized a governance, risk and compliance capability on the ServiceNow platform to manage risk intake, analysis, disposition and response.

The process alerted university administrators to areas of vulnerability, thoroughly assessed the challenges across more than 50 schools and implemented effective tools to protect the institution’s most sensitive information across the entire campus community.

The result for the university is an expanded safety net of rules and guidance, limited access to data by designated gatekeepers and centralized security operations. 

“Universities have a responsibility to help protect the students, faculty, researchers, staff and guests that constitute the university ecosystem,” said Rob Belk, Principal, Cybersecurity Consulting, Ernst & Young LLP. “With a new system in place, students and faculty can feel confident that the university is protecting their data, so they can confidently focus their attention on learning and research.”

The university’s cybersecurity program design created new policies and governance, created staff training and a managed security operations center — aligning scattershot processes and saving university administrators time, manual effort and worry. The system is geared to protect students’ privacy by limiting access to their personal data.

Results include:

• 47,000 students’ data better secured
• 20,000 employees’ data better secured
• 168% increase in effectiveness of monitoring guidelines
• 200 risk events tracked
• 16 new policies

Vickie Papapetrou, Principal, Cybersecurity, Ernst & Young LLP and Pat Niemann, EY Americas Audit Committee Forum Leader, also contributed to this article.