Serendipity is Not an Adequate Data Security Solution

13 Aug
2014

Serendipity is Not an Adequate Data Security Solution

The merry-go-round of data breaches continues across industries as both Weber State University and Seattle University are the latest victims of a data breach. Over 1200 students were exposed as a result of the breach at WSU, while Seattle University notified the New Hampshire Attorney General’s office that anyone with a Seattle University computer account could view scanned checks from donors. This is the second data breach in a matter of months for Seattle University. Both of these attacks were discovered serendipitously with no help from data security software. Serendipity is Not an adequate data security solution.

WSU spokeswoman, Allison Hess, told members of the media, "As with any large institution, we have so many students and faculty and staff and computers and we access so much technology, we have to be constantly vigilant with the security," Hess said. "You can't just assume that it's going to be OK." Vigilance is the key. University officials are not sure what type of “sensitive data” was compromised, but they were very forthcoming about the breach, when many institutions are not.

Seattle University discovered the breach when a student discovered the scanned checks, due to incorrect folder permissions. Check account numbers, Bank routing numbers, and names were exposed. All 3 of the reported breaches were discovered by, wait for it – LUCK. Good Samaritans reported the breaches for Seattle University and a savvy Professor discovered the attack at WSU.

Most University Data Breaches go Unreported

Larry Ponemon, founder and chairman of the acclaimed Ponemon Institute was quoted, “What was really interesting was some of the breaches were not a major public event. It's getting to be such a boring story. Really small breaches, ones that are less than 20,000 names, are not getting into the press at all.” Boring due to low numbers, but it is not boring for the people who have to recover their lost “sensitive data”. He went on to say "There are probably a lot of data breaches in higher education that go undetected, probably more so than in other industries. The universities are not aware of data leakage and the harm that can result. It can cost universities a lot of money." The average cost for recovering those breached records averages around $111 per record. 

How can Universities Secure their Data Environment

Understand your data and the networks where it exists. Continuously, monitor all of the activity on your networks. This is not meant to imply manual monitoring, solely, as there are several software programs that can monitor and alert any suspicious activity.  Monitor all of the activity all of the time. DDoS attacks and Phishing schemes look for any weaknesses in the network infrastructure. Laziness in monitoring will lead to a breach. Know where your data lives in your network and secure it. This includes Personally Identifiable Information (PII), Payment Card Data (PCI), and Protected Health Data (PHI). You have to develop a realistic approach to securing your data, which generally requires an iterative implementation. All of these steps seem simple, but have many complex aspects to them. You must address every area of your infrastructure to develop a holistic security strategy.

Get Data Out of Your Environment

How do I do that? Are the first words rolling off your tongue. Simple. Cloud Tokenization. By tokenizing your data, you can secure almost any data type your company works with, including payment card data, financial account numbers, PHI records, and even unstructured data formats. With this degree of flexibility in data security, keeping data safe is no longer a game of, “We hope this works.” Cloud tokenization replaces the sensitive data in your environment with a value that is unrelated to the original data set. If you get breached, the cyber-thieves get a valueless token, while your sensitive data is secured in a cloud environment.

Don’t be the next casualty! To find out more on how you can tokenize your data environment with TokenEx and reduce PCI Scope/Compliance by up to 95%, visit TokenEx.com. Follow us on Twitter and LinkedIn.