Federal Student Aid (FSA) has developed two new factsheets on how to establish an Incident Response Plan (IRP) and the importance of data sanitization. Additional information is below.
In the event of a cyberattack, an IRP mitigates risk and limits damage by establishing plans, procedures, roles, and responsibilities. To learn more, create, or strengthen your institution’s IRP, visit FSA’s Cybersecurity Incident Planning for Institutes of Higher Education factsheet.
Physical documents, mobile devices, external hard drives, USB drives, memory devices, and computers can harbor abundant sensitive student data. If not properly disposed of, confidential data may be wrongly disclosed. FSA’s Media Sanitization and Disposal Best Practices factsheet details how to permanently destroy media to protect confidential personal data and proprietary information.
A recent Cybersecurity and Infrastructure Security Agency (CISA) report, “Partnering to Safeguard K-12 Organizations from Cybersecurity Threats,” provides recommendations and resources showing how a small number of steps will significantly reduce cybersecurity risk.
Institutes of Higher Education may find the key findings and recommendations useful, including:
develop a cyber incident response plan that leverages the NIST Cybersecurity Framework;
minimize the burden of security by migrating IT services to more secure cloud versions;
build a relationship with CISA and FBI regional cybersecurity personnel;
implement multifactor authentication (MFA);
prioritize patch management;
perform and test backups; and
create a training and awareness campaign.
The full CISA report, along with links to resources, training, and a digital toolkit, is available at: https://www.cisa.gov/protecting-our-future-partnering-safeguard-k-12-organizations-cybersecurity-threats.
If you have any questions about the information included in this announcement, please contact FSASchoolCyberSafety@ed.gov.
To sign up for FSA’s IHE cybersecurity newsletter, email FSASchoolCyberSafety@ed.gov with the subject line: “Send me the FSA Cybersecurity Newsletter for IHEs.” Created for IT and compliance professionals at institutions of higher education (IHEs), FSA’s cybersecurity newsletter features news, updates, tips, and resources about cybersecurity best practices—all to help protect student data and keep your institution secure.
Leave a Reply