What is a Data Leak and How Can It Affect Educational Institutions?
As is often the case with any kind of leak, a hole must be found and plugged before it is too late. In the education sector, this is no different. A data leak can be your worst nightmare so here’s a summary of what it is and how you can protect yourself from it.
What are data leaks and data breaches?
A data leak is
when sensitive information is exposed to third parties.
According to the U.S. Department for Health and Social Services, a data breach is:
A data breach is a security violation in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.
Verbal, non-verbal, or written dissemination of confidential client data by a staff member may also be considered a data breach.
There are two types of data breaches: accidental and intentional.
Some examples of data breaches occurring in schools are:
- A student or pupil accessing a staff member’s internal network because the device was left logged in.
- Sending old computers off to be recycled without deleting sensitive data on them.
- Sending personal information to the wrong person by email, phone or fax.
- Altering personal data without permission, such as grades or payroll systems.
- Loss of availability of personal data through outages and inability to access cloud network.
Data Leak Prevention
Data Leak Prevention (also known as DLP) is the process by which an organisation protects itself against data leaks. There are many ways school’s can seek to minimise the risk of a data leak but school’s should consider the following:
- Does your institution regulate the use of internet traffic and chat rooms?
- Do you have a process to keep software patched and up to date?
- Are you backing up network data?
- How are you managing devices that leave the school network?
- Do you use content filtering to prevent access to inappropriate materials?
- Is there a reporting procedure in place for accidental access or exposed personally identifiable information?
- Is internet safety part of the staff training and curriculum?
- Do you follow consent procedures and safe practices when using images of children in your schools online?
- Does everyone know how to send emails securely?
- Can you monitor outbound emails through centralised software?
Using email gateway solutions is a great way to minimise the risk of data leaks.
DLP features in email gateways allow administrators to set rules that look for sensitive data in outgoing emails and force encryption or quarantine the emails. For example, you could look for the use of the word “password” or “username” and force encryption or automatically quarantine anything that has sensitive information, such as a credit card number in the subject line.
For more information on data leak prevention features in Pie Security, click here.