Millennials are the most trusting generation, but is this trust misplaced?
A recent Gallup study revealed that 44% of Millennials believe their personal information is kept private “all” or “most of the time” by companies they do business with.
The problem is that many organizations believe they are keeping their customers’ information safe when they are not. This was illustrated in 2014 “The Year of the Hacker,” when 47% of adults had their information exposed by hackers. Organizations such as colleges and universities may have outdated procedures in place that actually endanger students’ personally identifiable information (PII) due to modern hacking capabilities.
In fact, education is the industry with the second most reported data breaches, and 77% of those data breaches are attributed to higher ed institutes. See this data breach infographic for information.
The Error Schools Make in Security
One of the biggest holes in financial aid office security is email. In 2014, hackers gained access to more than 740,000 student and alumni records, according to this article.
Many financial aid departments still accept sensitive documents like copies of social security cards, W2s, drivers licenses or bank statements via email. Though it is often necessary for students or their parents to submit these documents for FAFSA verification or other reasons, it is highly dangerous for schools to receive them over email for two reasons:
- Unintended disclosures – meaning data losses that were preventable – account for 30% of all data breaches in higher education and include information relayed via email, fax or mail to the wrong person. A student could send their documents to the wrong person or a school administrator could forward the documents to the wrong person. If that “wrong person” is unscrupulous, the student’s information could be .
- Unencrypted data can be hacked. One survey of colleges and universities found 50% of institutions allowed the transmission of sensitive information over unencrypted email. Originally used for passing government and military information, data encryption is a process that changes electronically submitted information into an unreadable state so it can be transmitted safely. Email is not encrypted; therefore, anyone who hacks into a school’s email can see all information plainly, including sensitive student information.
The Big Question: How Do We Get Docs from Students?
If email isn’t safe, snail mail takes too long and most students don’t even know how to fax, how can schools get the information they need from students in a timely manner? The answer: cloud-based software.
Just like student information systems (SIS) revolutionized how student information managed, products like StudentVerification and StudentDocuments are transforming how student documentation is requested, submitted and reviewed. The verification, professional judgement (PJ) and satisfactory academic progress (SAP) processes can all be conducted through a safe, easy-to-use portal. Students upload information, fill out web forms and submit documents, all of which is transmitted to schools via a portal secured with government-grade data encryption. Data authentication confirms users who should have access and a two-step password protects accounts.
CampusLogic is not the only company with software that interacts with sensitive student data. Utilize this vendor checklist before choosing to work with any company that will have electronic access to student data.
It’s easy to blow off data breaches as something that will only happen to other schools. Our school is too small to be a target or we don’t get enough documents via email to worry are dangerous mentalities. Be the person in your department or on your campus who takes a stand for students’ safety. Protect their data so they can start their adult lives in the best position possible.