
Collecting sensitive data from thousands of students and employees, education is one of the sectors most vulnerable to data breaches. With limited cybersecurity budgets and know-how, schools are an easy target for cybercriminals and are especially prone to employee carelessness. However, increasingly strict regulations are making data protection mandatory in education as well, with high penalties for institutions that fail to protect students’ and employees’ personal information.
In the US, the Family Educational Rights and Privacy Act (FERPA) forbids the sharing of student data without written permission from a parent or, if the student is over 18, from the student. FERPA violations can restrict access to US Department of Education funding, so compliance is a crucial concern for schools at every level. Any institution that has EU data subjects enrolled in its programs also automatically needs to abide by the strict requirements of the EU General Data Protection Regulation (GDPR), which has extraterritorial reach and very high fines for noncompliance.
According to the IBM and Ponemon Institute’s Cost of a Data Breach Report 2020, human error is responsible for 26% of all data breaches in education, one of the highest rates across all sectors. An email with personal student information accidentally sent to the wrong person or to everyone in an email thread already represents a FERPA violation. Hackers can also easily gain access to school networks through university library computers and infect them using malware-riddled USBs.
To ensure data protection compliance and security, educational institutions need to adopt basic cybersecurity measures such as antivirus solutions and firewalls. However, to prevent data leaks and address employee carelessness, they need to go one step further and look at Data Loss Prevention (DLP) solutions.
Control and monitor sensitive data directly
DLP solutions have become a critical component of educational institutions’ data protection efforts. They allow educational institutions to monitor and control the sensitive data they collect through predefined policies for personal information and compliance with regulations like GDPR.
Using contextual scanning and content inspection, DLP solutions such as Endpoint Protector can identify sensitive data in over a hundred file types, blocking its transfer through insecure channels such as popular messaging apps, file-sharing services, or personal emails. DLP tools can also prevent sensitive data from being copied and pasted or printed. Any attempts to violate DLP policies are logged and reported, helping educational institutions identify bad data protection practices or common unauthorized data exit channels.
Control removable devices
As previously mentioned, USBs can be used by cybercriminals as infection tools and as a way to bypass login screens and gain access to a computer. However, the infection can also happen unintentionally when a student connects a USB to a school computer, unaware their device has been infected. When sensitive data is copied onto a USB, it also becomes vulnerable to loss as USBs are notoriously easy to lose or forget.
DLP solutions come with device control policies that help educational institutions limit or block the use of portable devices. The use of USBs can thus be limited to trusted devices such as school-issued USBs, and any sensitive data transfers onto removable devices can be flagged, giving educational institutions a clear insight into who has attempted to transfer sensitive data, when, and with which device.
Protect sensitive data on all operating systems
Students and employees often use their personal devices to connect to school networks. These devices run on diverse operating systems, not just on Windows, and often include macOS and several Linux distributions. To ensure continuous data protection, educational institutions need to consider cross-platform cybersecurity solutions that can be managed from a single interface.
Such centrally administered solutions offer two major advantages. They reduce costs, as a single solution replaces several specialized tools for different operating systems. They also simplify data protection management when IT personnel are limited. Often one person is enough to manage them. However, educational institutions choosing to go the cross-platform route need to ensure that the solutions they choose offer feature parity across all operating systems and are not limited in what they can do outside the primary operating system they were initially designed for.