Data Breach Incidents in Educational Institutions

paper-vs-digital

Shredding companies in Ireland are employed by educational institutions such as colleges and universities. These institutions are considered easy targets because of their open structure and long information retention periods.

Data Breaches have occurred in educational institutions ranging from lost laptops with sensitive information to targeted cyber-attacks and student identification cards. There are lots of other confidential data that is useful to attackers beyond payment data and student records; such as employee records, patient health information and scientific research data. Paper shredding or document shredding will reduce the risk of data breaches

Negative public exposure regarding a breach will have a negative impact on the reputation of the educational institution as well as the enormous knock on effect it would have regarding peoples data. In order to minimise the risk of any size of a data breach a Risk Reduction Strategy must be established.

Security in Shredding recommend a number of methods to include in a Risk Reduction Strategy;

  1. Data Security” has to become “second nature” within the colleges and universities from the top down. A Data Security Informational Event should be organised by the educational institutions to inform in a fun way, the students and employees the importance of data protection and data security. You could look upon this as a form of training – Knowledge is key.
  1. Make students and employees aware of the Data Security Policies and Procedures. Use means such as bulletin board, posters, newsletters etc.
  1. Regular risk assessments should be conduct on an on-going basis to identify where the gaps in information security exist and to establish and provide the solutions.
  1. Physical Security of all sensitive data is very important. Secure restricted authorised access for key personnel is an important measure to take to minimise the number of unauthorised access events.
  1. Maintain a “Clean Desk Policy” and place all sensitive paper records that is no-longer required in the lockable secure console that is provided by the contracted Data Destruction Service Provider such as Security in Shredding.
  1. Implement and utilise IT security tools such as firewalls, encryption, anti-virus software etc. It is important to protect both digital data and hard paper data.
  1. Establish and use a Document Management Process for the tracking of documents, generation, storage and destruction of documents.
  1. Use the professional secure recognised services of a registered data processor whom is an established Full Data Management Service Provider, such as Security in Shredding whom provides a complete secure chain of custody for your data needs.

If you would like to find out more about on site paper shredding and or off site paper shredding, contact Security in Shredding’s Data Consultant Team on 067 24848. They are glad to help.