MyNotes - Stepping Into the Breach -- Campus Technology

Every other month, I read or hear about a breach of privacy that affects educators. Let's see...yes, it's been a week since the last time I heard about one affecting educators. Just today, I chatted with a teammate and we discussed how important it is to encrypt data. It's a simple job these days to accomplish, and I don't understand why people who have access to thousands of confidential records continue to leave data unencrypted.

My recommendations for encryption are here:

Stepping Into the Breach -- Campus Technology
    • Stepping Into the Breach
    • By Sue Marquette Poremba
    • almost every school has suffered a breach or an exposure at some point.
    • breaches are not only inevitable but will occur more than once.
    • schools should do whatever they can to secure their networks, but
    • Critical components of a plan include alerting potential victims that their information may have been compromised, explaining the situation to the public, and internal steps for identifying and analyzing the damage and re-establishing a secure system.
    • institutions must also have a plan in place to deal with the aftermath of a breach.
    • The first step, though, is to come clean.
    • "If you let the media control the message, it is going to be a painful experience," says Jeremiah Grossman, chief technology officer with WhiteHat Security. "It has to be all about honesty and transparency to make sure there remains a level of trust in the institution."
    • One strategy is to give the communications departments a prepared script about the breach.
    • one of the biggest mistakes that organizations make is trying to quickly shut down any malicious activity.
    • If this is an accidental breach, then you will need to understand what happened and how. If this is a malicious breach, then it is imperative that the systems involved remain active--any attempt to cut off the attackers will only alert them and may destroy any evidence on the breached systems. If it does appear to be a malicious breach, you should call in a forensic team and law enforcement before you change anything.
    • the clock is ticking. "As soon as we discover the significance of an exposure or breach, we have 45 days to notify the people whose sensitive information may have been exposed
    • Having a website dedicated to the problem is also valuable. The website should include basic information about what happened, what the school might be offering (like free credit monitoring for a prescribed amount of time), and an FAQ that is regularly updated with any new questions that come in. The help center should also include the website address as part of any recorded phone message.
    • there is a window of opportunity to respond to a breach. It just happens that this window comes before the breach ever occurs. Drawing up a clear incident-response plan with well-defined responsibilities can save your organization millions of dollars in costs and a lot of embarrassing publicity.
    • In data security parlance, there is a subtle--but important--difference between a breach and an exposure. An exposure is an incident where someone obtained access to your data but you aren't sure if anyone actually looked at it. In a breach, you know someone looked at it.
    • Sue Marquette Poremba is a Central Pennsylvania-based writer who specializes in security and technology.

