Story image

Is your school's personal data at risk?

18 Jan 2016

You have an obligation to protect your school’s data from unauthorised eyes. Legal, ethical and pragmatic.

Your school’s network contains a variety of data: student and staff records, emails, application services, memos, reports and more. Some of these data are private, some are somewhat sensitive and others are public. Classifying your data is an essential first step in protecting your students and staff from hackers, cyber-criminals and opportunists.

The moment that someone enters information – especially personal details - into your school’s databases, you are responsible for ensuring that they remain private and confidential. Not only is this a responsible practice but it is the law under the Privacy Act. So if you get hacked and your data is compromised, you or your school could be liable for prosecution - not to mention your school’s name in the papers for all the wrong reasons.

“Most tightly-regulated enterprises such as finance, healthcare and central governments have a pretty good handle on the types of data they hold and how sensitive they are,” says Andrew Khan, Fortinet Senior Business Manager at Ingram Micro, New Zealand’s largest distributor of Fortinet’s security solutions. “But many schools don’t really have a detailed plan to secure their private information.

“And it’s not just personal information,” he continues. “Any confidential reports, communications, strategic plans, reviews and the such, while not necessarily covered by privacy laws, should be kept away from prying eyes. And to complicate things, once you start storing data in the cloud or in third-party data centres, you start to lose control of your data stewardship authority. It can be unclear where your responsibilities start and stop.”

Data classification

An important first step step you can take when securing your databases is to classify them. “Not all data carries the same level of sensitivity,” notes Khan. “Some data, such as financial, student and staff records, need to be highly-protected.

Other files, such as internal communications, newsletters and announcements etc, are not nearly as sensitive. So there is no sense in treating all of your data the same. This data hierarchy can impact storage as well. Some data need to be stored for fast access ‘in memory’ while other data can be held in archives.”

The key to all of this is metadata. “Metadata is information about information,” explains Khan. “Well-designed and maintained metadata descriptors can have a huge positive impact on your data security strategy.

Metadata can contain fields for privacy and sensitivity (ie public, private, classified, highly-sensitive), date of capture, data lineage (ie what processing has been done to the data), levels of access (which roles can access and/or modify the data) and, importantly, when the data can be safely deleted.”

Match the cost of data security / storage to their value

Storing and securing data is expensive. Best practices suggest matching your security/storage expenditures to the sensitivity of the data themselves. Metadata is the enabler for cost-effective and thorough data protection.

While the costs of storing and securing data are decreasing with new technologies, such as deduplication and security-as-a-service, they are still a major outlay. “Anything you can do to drive down your data protection overheads while ensuring highly-secure access for authorised staff is a smart move,” concludes Khan.

“The tools are out there. It’s just a case of knowing what to do and then making it happen. These issues will not go away, indeed they are becoming more critical. Securing you data is not an option, it is your paramount responsibility.”

For further information, please contact:

Hugo Hutchinson, Business Development Manager at Ingram Micro

P: 09-414-0261 | M: 021-245-8276

Game review: Crackdown 3 launches on Xbox One and PC
Crackdown 3 is an average game that may have come out 10 years too late, writes Damian Seeto.
WhatsApp users warned to change voicemail PINs
Attackers are allegedly gaining access to users’ WhatsApp accounts by using the default voicemail PIN to access voice authentication codes.
50 million tonnes of e-waste: IT faces sustainability challenges
“Through This is IT, we want to help people better understand the problem of today’s linear “take, make, dispose” thinking around IT products and its effects like e-waste, pollution and climate change."
Vocus & Vodafone unbundle NZ's fibre network
“Unbundling fibre will provide retail service providers with a flexible future-proofed platform regardless of what tomorrow brings."
NZ Cricket ups data analytics game with Qrious
The Black Caps and White Ferns have implemented a data and analytics solution from Qrious to monitor and improve game strategy and player performance.
Gartner: Smartphone biometrics coming to the workplace
Gartner predicts increased adoption of mobile-centric biometric authentication and SaaS-delivered IAM.
Samsung & Trade Me offer AI-powered shopping
The smartphone camera & AI-powered tech, Trade Me says, is a ‘glimpse into the future of shopping’.
Neill Blomkamp's 'Conviction' is a prequel to BioWare's Anthem
You may remember Neill Blomkamp’s name from such films as District 9, Chappie, and Elysium. If you’ve seen any of those films, the short teaser trailer will seem somewhat familiar to you.