Story image

Is your school's personal data at risk?

18 Jan 16

You have an obligation to protect your school’s data from unauthorised eyes. Legal, ethical and pragmatic.

Your school’s network contains a variety of data: student and staff records, emails, application services, memos, reports and more. Some of these data are private, some are somewhat sensitive and others are public. Classifying your data is an essential first step in protecting your students and staff from hackers, cyber-criminals and opportunists.

The moment that someone enters information – especially personal details - into your school’s databases, you are responsible for ensuring that they remain private and confidential. Not only is this a responsible practice but it is the law under the Privacy Act. So if you get hacked and your data is compromised, you or your school could be liable for prosecution - not to mention your school’s name in the papers for all the wrong reasons.

“Most tightly-regulated enterprises such as finance, healthcare and central governments have a pretty good handle on the types of data they hold and how sensitive they are,” says Andrew Khan, Fortinet Senior Business Manager at Ingram Micro, New Zealand’s largest distributor of Fortinet’s security solutions. “But many schools don’t really have a detailed plan to secure their private information.

“And it’s not just personal information,” he continues. “Any confidential reports, communications, strategic plans, reviews and the such, while not necessarily covered by privacy laws, should be kept away from prying eyes. And to complicate things, once you start storing data in the cloud or in third-party data centres, you start to lose control of your data stewardship authority. It can be unclear where your responsibilities start and stop.”

Data classification

An important first step step you can take when securing your databases is to classify them. “Not all data carries the same level of sensitivity,” notes Khan. “Some data, such as financial, student and staff records, need to be highly-protected.

Other files, such as internal communications, newsletters and announcements etc, are not nearly as sensitive. So there is no sense in treating all of your data the same. This data hierarchy can impact storage as well. Some data need to be stored for fast access ‘in memory’ while other data can be held in archives.”

The key to all of this is metadata. “Metadata is information about information,” explains Khan. “Well-designed and maintained metadata descriptors can have a huge positive impact on your data security strategy.

Metadata can contain fields for privacy and sensitivity (ie public, private, classified, highly-sensitive), date of capture, data lineage (ie what processing has been done to the data), levels of access (which roles can access and/or modify the data) and, importantly, when the data can be safely deleted.”

Match the cost of data security / storage to their value

Storing and securing data is expensive. Best practices suggest matching your security/storage expenditures to the sensitivity of the data themselves. Metadata is the enabler for cost-effective and thorough data protection.

While the costs of storing and securing data are decreasing with new technologies, such as deduplication and security-as-a-service, they are still a major outlay. “Anything you can do to drive down your data protection overheads while ensuring highly-secure access for authorised staff is a smart move,” concludes Khan.

“The tools are out there. It’s just a case of knowing what to do and then making it happen. These issues will not go away, indeed they are becoming more critical. Securing you data is not an option, it is your paramount responsibility.”

For further information, please contact:

Hugo Hutchinson, Business Development Manager at Ingram Micro

P: 09-414-0261 | M: 021-245-8276

IDC: Smartphone shipments ready to stabilise in 2019
IDC expects year-over-year shipment growth of 2.6% in 2019, while the world's largest market is still forecast to be down 8.8% in 2018.
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
New app conducts background checks on potential tenants
Landlords and house owners need to obtain a tenant’s full name, date of birth, email address, and mobile number in order to conduct the search. And most importantly, they have to get the tenant’s permission first.
GirlBoss wins 2018 YES Emerging Alumni of the Year Award
The people have spoken – GirlBoss CEO and founder Alexia Hilbertidou has been crowned this year’s Young Enterprise Scheme (YES) Emerging Alumni of the Year.
IDC: Standalone VR headset shipments grow 428.6% in 3Q18
The VR headset market returned to growth in 3Q18 after four consecutive quarters of decline and now makes up 97% of the combined market.
Meet Rentbot, the chatbot that can help with tenancy law
If you find yourself in a tricky situation  - or if you just want to understand your rights as a landlord or tenant, you can now turn to a chatbot for help.
PlayerUnknown’s Battlegrounds (PUBG) finally releases on PS4
PUBG on PS4 feels like it’s still in Early Access as the graphics look horribly outdated and the game runs poorly too. 
How AI can fundamentally change the business landscape
“This is an extremely interesting if not pivotal time to discuss how AI is being deployed and leveraged, both in business and at home.”