Female black student in university library with laptop
Case Study
The better the question The better the answer The better the world works
Case Study

Why cybersecurity should be required reading for higher education

Following a full cybersecurity assessment, a university lands on a solution that can identify, triage and manage data risks.

1

What can cybersecurity teach a university about data protection?

A stronger cyber safety net closes the gaps in a university’s risk-management program to better protect students’ sensitive information.

Universities are diverse, decentralized organizations accountable for thousands of students and faculty — a combination that makes data protection as critical as it is challenging, particularly in an era of increasing digitization and virtual delivery.

Higher-ed institutions house a wide range of sensitive data, including student identities, personal account information, financial details and health care information. From students’ cell phone and account numbers to academic research findings, it’s vital that universities safeguard information with the highest level of security available. A growing number of colleges and universities are evaluating their cybersecurity measures and taking concrete steps to raise and reinforce the walls that protect student data, while simultaneously respecting privacy. 

An Ernst & Young LLP (EY US) cyber team recently guided a leading West Coast institution through a cybersecurity transformation, achieving new heights of automation and vigilance so the entire university community can sleep soundly, knowing their information is secure.

2

Upgraded cybersecurity limits a university’s data security risk

A university with 50+ distinct schools asked EY US to design a cyber program that better protects their student, faculty and research data.

When a leading West Coast university recognized a need to re-examine their cybersecurity and risk-management processes, EY US professionals and ServiceNow provided an integrated approach to help the institution protect its community.

The team completed a baseline study of where and by whom sensitive information was housed, identified the risks posed in each of these disparate areas and recommended controls to safeguard them. Our cyber team mobilized a governance, risk and compliance capability on the ServiceNow platform to manage risk intake, analysis, disposition and response.

The process alerted university administrators to areas of vulnerability, thoroughly assessed the challenges across more than 50 schools and implemented effective tools to protect the institution’s most sensitive information across the entire campus community.

The result for the university is an expanded safety net of rules and guidance, limited access to data by designated gatekeepers and centralized security operations. 

“Universities have a responsibility to help protect the students, faculty, researchers, staff and guests that constitute the university ecosystem,” said Rob Belk, Principal, Cybersecurity Consulting, Ernst & Young LLP. “With a new system in place, students and faculty can feel confident that the university is protecting their data, so they can confidently focus their attention on learning and research.”

Universities have a responsibility to help protect the students, faculty, researchers, staff and guests that constitute the university ecosystem.
Rob Belk
Principal, Cybersecurity Consulting, Ernst & Young LLP
3

Vigilant cybersecurity management that proactively tracks risk

The right mix of cross-unit collaboration and advanced technologies gives the university a better vantage point to identify and manage cyber risks.

The university’s cybersecurity program design created new policies and governance, created staff training and a managed security operations center — aligning scattershot processes and saving university administrators time, manual effort and worry. The system is geared to protect students’ privacy by limiting access to their personal data.

Results include:

  • 47,000 students’ data better secured
  • 20,000 employees’ data better secured
  • 168% increase in effectiveness of monitoring guidelines
  • 200 risk events tracked
  • 16 new policies

Data security

67,000

students’ and employees' data better secured.

New dashboards were programmed for leadership so that the university can easily follow data trends and make quick decisions. The new cyber-strategy targets the danger zones: student and faculty personal information, credit cards, financial data and proprietary research data. The program maps these focus areas to existing IT assets to protect them at all levels.

“Cyber, ServiceNow, GRC, Forensics and Program Management groups worked collectively as one EY team to deliver a robust cyber program that effectively safeguards sensitive student information in an era of increasing virtual delivery,” said Jatin Rajpal, Partner, Technology Consulting Services, Ernst & Young LLP. “By optimizing functionality at the highest level of the IT infrastructure, EY continues to help the university protect data and mitigate cyber risks.” 

Cyber, ServiceNow, GRC, Forensics and Program Management groups worked collectively as one EY team to deliver a robust cyber program that effectively safeguards sensitive student information in an era of increasing virtual delivery.
Jatin Rajpal
Partner, Technology Consulting Services, Ernst & Young LLP

Vickie Papapetrou, Principal, Cybersecurity, Ernst & Young LLP and Pat Niemann, EY Americas Audit Committee Forum Leader, also contributed to this article.

Contact us

Interested in the changes we have made here,

contact us to find out more.