Students, faculty and administrators use technology via multiple devices and channels. This means that an immense amount of confidential data - from server log files, device identification and online registration information - is being generated and stored that contain financial and legal records, employee information, student transcripts and much more. In a climate of advanced cyber threats, all this information is very attractive to malicious entities and hence more vulnerable to attack.
Endpoint devices form a gateway into any education institution's IT infrastructure. So your security strategy should start with securing end-user devices - whether they are tablets used in the classroom or workstations in the registrars office. Look for devices that offer data protection throughout the lifecycle with built-in security features and services, including hard drive encryption, online data backup and more:
User authentication: Biometric fingerprint or IR (infrared) cameras improve security and enhance the user experience.
Encryption: Enable full-drive encryption at the factory to save IT time when deploying devices. Alternatively, manually enable Microsoft Bitlocker on devices equipped with a Trusted Platform Module (TPM) to encrypt data.
Lenovo Online Data Backup (OLDB): This next-gen data management solution allows enterprises to securely store confidential information in the cloud with a simple, automatic backup process. It’s quick to set up, requires no additional administrative overhead, offers military-grade security, and is much more affordable and reliable than on-premises solutions. Access multiple, point-in-time versions of files, ensuring you can recover data from any form of cyber attack or accidental data loss.
Remote Secure Erase: Remotely wipe a device in the event it is lost or stolen. Using Intel® Active Management Technology, an IT administrator can erase all data on a system even if it is asleep or shut down, or the OS image is corrupt. This feature also integrates with many common IT management consoles.
Containerization: Isolated virtual containers protect against malware gaining access to devices and data. They're typically deployed on smartphones and tablets through mobile device management (MDM) or mobile application management (MAM).
Protection against snooping: Privacy filters fit to new and legacy device screens help prevent others from seeing confidential information.
Port protection: Port security features help protect against physical theft of data via USB and other access ports by disabling or otherwise requiring authentication for their use.
Keep your drive: Typically, under the terms of manufacturer device warranties, when a defective part is replaced, the old component becomes the property of the vendor. A "keep your drive" service allows you to keep your drive(s) and dispose of business data on your terms, improving data security and ensuring compliance with data privacy and retention requirements, as well as mitigating civil liability risks associated with data breaches.
*https://keepersecurity.com/assets/pdf/Keeper-Infographic-The-2016-State-of-SMB-Cybersecurity.pdf
