Skip to main content
North America
  • North America
  • América Latina (Español)
  • Europe, Middle East, Africa, Asia Pacific (English)

Top Bar - North America

  • Resources
    • On-Demand Webinars
    • White Papers
    • Demos
  • Partners
  • Customer Center
  • Contact
    • Call Us 1-800-223-7036
    • Contact Us
    • Schedule a Demo
  • Search
Home

Main navigation - North America

  • Solutions
      • Technologies
        • ERP & SIS
          Big or small, private or public, we have the right solution to power your institution
        • CRM
          Build lifelong relationships with students and help your institution grow
        • Integration & Analytics
          Connect your systems and gain valuable insights with our revolutionary data model
        • See All Products
      • Services
        • Deploy & Sustain
          Seamlessly implement and sustain Ellucian technology at your institution
        • Manage
          Improve institutional performance with outsourcing services
        • Train
          Empower your team on Ellucian software and drive successful adoption
      • Departments
        • Advancement/Alumni Relations
        • Finance
        • Human Resources
        • Information Technology
        • Recruiting & Admissions
        • Student Services
    • Alignment Fix
    • Cloud for Higher Ed
      Cloud for Higher Education
      1000+ Customers use Ellucian’s Cloud Solutions
      Find out why
  • Success Stories
      • By Institution Size
        • 3,000 - 5,000
        • 5,000 - 8,000
        • 8,000 - 15,000
      • By Institution Type
        • 2-year Public Institution
        • 4-year Private Institution
        • 4-year Public Institution
      • See All Success Stories
      • By Solution
        • Colleague
        • Banner
        • Cloud
    • Featured
      Doubled applications during a pandemic
      Modernizing the Campus
      Doubled applications during a pandemic
      Dive deeper
      Toby Carroll, Southern New Hampshire University
      Analytics and Data Integration
      Real-time data improves admission and advising experience
      Dive deeper
  • Insights
      • Most Read Topics
        • Modernizing the Campus
        • Cloud for Higher Ed
        • Analytics and Data Integration
        • Enrollment and Retention
        • Our Approach
      • See all insights
    • Featured
      Ellucian Live Online 2020
      Our Approach
      Come shape what’s next: Top 10 ways to engage with Ellucian Live Online
      Dive deeper
      Reducing information security risk
      Data Security
      Top information security practices for higher education
      Dive deeper
  • Our Company
      • Who We Are
        • About us
        • Careers
        • Events
        • Executive Team
        • News
        • Resources
    • Featured
      Ellucian Live Online 2020
      Events
      Ellucian Live
      Learn more
      Texas Southern University Migrates to the Cloud with Ellucian
      News
      Texas Southern University Migrates to the Cloud with Ellucian
      Learn more
      Careers
      Careers
      We're a tech company with heart
      Learn more
  • Solutions
    • Technologies
    • ERP & SIS
    • CRM
    • Integration & Analytics
    • See All Products
    • Services
    • Deploy & Sustain
    • Manage
    • Train
    • Departments
    • Advancement/Alumni Relations
    • Finance
    • Human Resources
    • Information Technology
    • Recruiting & Admissions
    • Student Services
    • Alignment Fix
  • Success Stories
    • By Institution Size
    • 3,000 - 5,000
    • 5,000 - 8,000
    • 8,000 - 15,000
    • By Institution Type
    • 2-year Public Institution
    • 4-year Private Institution
    • 4-year Public Institution
    • See All Success Stories
    • By Solution
    • Colleague
    • Banner
    • Cloud
  • Insights
    • Most Read Topics
    • Modernizing the Campus
    • Cloud for Higher Ed
    • Analytics and Data Integration
    • Enrollment and Retention
    • Our Approach
    • See all insights
  • Our Company
    • Who We Are
    • About us
    • Careers
    • Events
    • Executive Team
    • News
    • Resources
North America
  • North America
  • América Latina (Español)
  • Europe, Middle East, Africa, Asia Pacific (English)

Top Bar - North America

  • Resources
    • On-Demand Webinars
    • White Papers
    • Demos
  • Partners
  • Customer Center
  • Contact
    • Call Us 1-800-223-7036
    • Contact Us
    • Schedule a Demo
  • Search
  1. Home
  2. Insights
  3. Data Security
  4. Top information security practices for higher education
Reducing information security risk

Top information security practices for higher education

By Josh Sosnin
  • Share on LinkedIn
  • Share on Facebook
  • Share on Twitter
  • Share via Email

Protect your sensitive institutional data with these nine key steps.

Key takeaways

  • Institutions can take several immediate steps to combat cyberattacks.
  • Key focus areas include information security governance, compliance, data protection, and privacy programs.
  • It’s essential to educate your community though ongoing awareness programs.

Cyberattacks and phishing are on the rise, but institutions can take several immediate steps to help protect their sensitive data from intrusions. In line with the recommendations of the EDUCAUSE Higher Education Information Security Council (HEISC) and other industry groups, Ellucian recommends nine best practices in information security governance, compliance, data protection, and privacy programs that will strengthen your security position quickly and effectively.

1. Automatic updates

Up-to-date security patches form the backbone of any secure system. All end-user computing devices should have automatic updates enabled, and all should be running the latest secure OS and application patches to reduce the risk of exploit, unauthorized access, and loss of information assets and data.

2. Anti-virus and malware solutions

Installing and keeping up-to-date anti-virus and anti-malware solutions on user endpoint systems is another integral part of your institution’s front-line defense. It doesn’t have to be a costly endeavor. A solution like Microsoft’s Defender is included with the operating system and can help defend against viruses and malware.

3. Email security

By utilizing the security features of your enterprise email solution, you can reduce the risk to your institution through its most used communication tool. Consider enabling features like:

  • Antivirus/anti-malware scanning of attachments
  • Deep link inspection
  • Spam filtering
  • Anti-spoofing
  • Encryption (for sensitive data emails)
  • Configured and deployed SPF/DKIM/DMARC records
  • Data loss filtering capabilities (DLP)
  • Multifactor authentication (for email access)
  • Email header tagging (to identify externally sourced emails)
  • Email domain blacklisting services

4. Anti-phishing measures

Email is the leading attack vector for cybercriminals, and most cyberattacks start with email phishing attempts. By implementing an effective anti-phishing program now, you can lower your institution’s risk from phishing attacks.

  • User awareness — Make sure your employees and students always stay aware of the threat phishing poses, how to identify phishing emails, and, just as importantly, what to do when they suspect a phishing attempt. By implementing email features like email header tagging for externally sourced emails, you can help your end users determine where more scrutiny may be needed. There are numerous free resources available, such as EDUCAUSE and SANS, to help get you started.
  • Simulated phishing campaigns — By implementing a formal simulated phishing program and testing your employees’ ability to identify and report phishing emails, your institution can gauge where awareness is needed and track the long-term performance and effectiveness of your awareness program.

5. Multi-factor authentication (MFA)

By adding multi-factor authentication requirements at critical points, you can dramatically reduce the risk of unauthorized access to your institution’s information assets and data. Consider adding MFA for all users to access the following:

  • Remote administration
  • VPN
  • Enterprise email
  • ERP and HRIS
  • File storage
  • Other applications housing sensitive data

6. Ransomware protection

The threat and consequences of a ransomware attack are enormous to unprepared institutions. Here are three steps you can take now to mitigate the impact in the event of such an attack:

  • Backup and recovery — Ensure all critical systems and data are backed up and recovery capabilities have been validated. The ability to recover data encrypted by ransomware is critical.
  • Drive mappings — If possible, eliminate the use of mapped/shared drives. This will prevent ransomware-infected systems from reaching data hosted on remote systems, thus minimizing the scope of the threat.
  • Antivirus and anti-malware — Again, installing and keeping up-to-date antivirus and anti-malware solutions on user endpoint systems can reduce the risk of ransomware being executed on your system.

7. Payroll and invoicing process review

The threat of payroll and invoice fraud against higher education institutions is rising. This type of threat exploits institutional processes around these functions, often regardless of the solution in use. It’s critical to review your payroll and invoice processes to identify any steps that could be manipulated to bypass intended validation and authorization points.

8. Email validation

Higher education institutions are facing a relatively new threat involving the mass creation of fraudulent accounts in their ERP systems. A simple way to minimize your risk: enable email validation features within your ERP system.

9. Compliance

While compliance requirements can be difficult to keep up with, it’s vital to stay abreast of new and changing requirements that can affect your institution. Work with your legal counsel to fully understand your obligations and ensure that your cloud providers can support you in your compliance efforts.

Topic
Data Security, IT Standards and Architecture, Our Approach
About the Author
Josh Sosnin
Josh Sosnin
Vice President and Chief Information Security Officer

Josh Sosnin is the Vice President and Chief Information Security Officer at Ellucian. He is responsible for securing Ellucian’s software products and cloud services.

Read full bio
Other articles by Josh

Products & Services

Ellucian Ethos

Connect people, processes, and applications across your institution with the higher ed platform.

Read More
Managed Services

Strengthen your strategy and execution for improved institutional performance.

Read More
Ellucian Cloud

Say hello to the cloud built for higher education. Ellucian Cloud Solutions and Services are designed specifically to help higher education institutions modernize their systems without disruption to help you solve your toughest challenges.

Read More

Related Content

Information security essentials for higher education
eBook
Information security essentials for higher education

Learn how to safeguard the integrity and availability of your systems and data with these key infosec tips.

Dive Deeper
Solution Sheets
Solution Sheet
Ellucian Ethos Identity
Dive Deeper
Insights - It and security intellectual capital
White Paper
The right security framework can save your institution

Choose a security framework to protect your intellectual capital and avoid a financial or PR nightmare.

Dive Deeper

Get Started Today

 Connect with us
 Schedule a demo

Footer - North America

  • Careers @ Ellucian
  • Resources
  • Training
  • Security
  • Vendor Portal
  • Privacy
  • Cookie Declaration
  • Modern Slavery Act
  • Sitemap

Social Media - North America

  • Twitter
  • Facebook
  • YouTube
  • LinkedIn

Subscribe

Do not sell my info

© 2021 Ellucian Company L.P. and its affiliates.

Home Close