The world of Higher Education is full of rich sources of personally identifiable information and can be a target for attackers looking to steal information. Student, staff, and donor databases contain a wealth of information for would-be attackers, and traditionally many of these systems have been separate.
As universities undergo digital transformation and dismantle silos, more of this information coexists in a single target. Keeping this data secure is paramount for any educational institution’s reputation and it starts with the technology platforms those systems are built upon.
When choosing a platform, trust is paramount. Education technology teams are stretched in so many different directions that they need to be able to trust in the cloud solutions they are building on. This is one of the major reasons so many institutions choose Salesforce. Parker Harris, Co-Founder of Salesforce, has stated
“Nothing is more important to our company than the privacy of our customers’ data,” placing trust as one of the four core values of Salesforce as a CRM and technology platform.
Questions every university needs to consider
Are you protecting private data adequately? Cybercriminals read the news too, and recent events are likely to inspire more hacking attempts.
Mark Adcock, Senior Technical Consultant/Salesforce MVP, and Emily Rust, Global Delivery Director at Appirio, created this checklist to help you identify where you need to focus.
[ ] The biggest threat is your internal users. Does your workforce have secure sign-in and remote access? Are you using two-factor authorization?
Especially during the COVID-19 pandemic, remote access means new devices, networks and accounts, and credentials need to be obtained, verified, stored and secured. Salesforce supports industry standard single sign-on solutions securely as well as multiple two-factor authentication options out of the box.
[ ] How many users have systems administrator / super user access? Do you have a strong governance model in place ensuring that users have the access needed to do their jobs but not access items they should not see?
With so many data sources being aggregated, CRM systems often contain a lot of information that may have been siloed before. For higher education, systems need to offer granular solutions to grant access to what users can do and what records they can access across a wide range of different constituent-focused data.
[ ] Are your vendors transparent with status and security information?
For any higher education institution, your digital reputation is just as important as your academic reputation. You stake that reputation on the security and trust you can place in the systems of technology vendors. Vendors that are transparent about data security, system availability, and maintenance are key to maintaining that reputation.
[ ] Are workers using personal devices to work from home? Do those devices meet your organization’s security standards?
Can you say for sure your workers’ devices meet university security standards, and that they aren’t being used in ways that put the institution at risk? Old devices may not be up to date and could be more vulnerable to cyberattacks, but even devices you supply are not immune.
Data needs to be secured in the browser or desktop and mobile apps with security policies that ensure sensitive data is protected from end to end.
[ ] How are you securing university data and ensuring it's only used for the intended purposes by the intended people?
Data security is always important, but today’s expansive remote access makes data security a top concern. As news reports show, new networks and devices and vendor failure provides more vulnerabilities for hackers to exploit, putting critical company information at risk when accessed remotely.
Secure technology platforms ensure that data is encrypted using secure methodologies while at rest or in transit and can be accessed via secure mechanisms. Salesforce can offer multiple security tiers that can be associated with cybersecurity tools such as virtual private networks and network access control mechanisms.
[ ] How are you monitoring threats associated with remote working? How are you mitigating those threats?
Software as a Service (SaaS)-based services means universities are often buying licenses without understanding what security risks are introduced and must be mitigated.
Access measures and endpoint controls are essential for remote work. So are detailed analytics about access and usage. A strong vendor should be able to provide powerful logging/audit mechanisms in Salesforce (typically at no extra cost) to help you act before hacker probes turn into full-scale attacks.
[ ] Does your University’s work-from-home program meet government regulations?
Your on-site systems may have been compliant with government data and security regulations, but what about your remote systems?
From personal devices to new networks to third-party applications, staples of remote work can jeopardize company and personal information, as well as security compliance.
What you can do now
Given what’s at stake — the headlines alone may make important donors hesitant to participate without reassurance — consider contacting an expert external vendor to evaluate and improve your system. Especially now, look for a partner with deep experience providing unified end-to-end services to guard against the risks of working from home.
Appirio (a Wipro company) can help you implement powerful, proven Salesforce data models that balance the removal of data silos with the protections necessary to maintain compliance and protect your institution’s reputation. Designing secure, scalable integrations into a data platform leveraging advanced technologies like Salesforce SHIELD event monitoring, platform encryption, and audit history.
For more information about what security solutions Appirio can offer universities, fill out this form.
About the AuthorFollow on Linkedin More Content by Emily Rust