To celebrate Data Privacy Week in January, the Federal Student Aid Training Center created a collection of training resources for financial aid administrators. And while this may be the last thing on your mind at this busy time of year, it’s important to make sure you know about your responsibilities when it comes to protecting your students’ information and your own for that matter. We encourage you to take advantage of the full training program when you have the time, but here are some things to consider in the meantime.
Do your staff members ever work from home or anywhere outside the office? Are they using equipment provided by your institution even when not in the office? If your answers are yes and yes, you should consider encryption if you haven’t already. For technology thieves, cracking a password is pretty easy, so encryption provides another layer of security if the technology is lost or stolen when outside your office.
Whether your staff is in the office, out of the office, or a little of both, two-factor authentication is also a good idea. And, if you have certain employees you don’t want to access your systems outside your office, like work-study students or temporary contractors, using a fob rather than a smart phone application or text messaging system is recommended. You can collect the fobs at the end of the day and lock them up…not so much the cell phones.
Most documents are being scanned today, so there’s not as much paper flowing through your office, but there’s still some and it very likely contains confidential information, so be a member of the clean desk club! (And encourage your colleagues to do the same.) Have a system where staff members can protect documents without actually having to re-file them when they need to leave their desks. It doesn’t have to be fancy; a desk or file cabinet drawer will do. It would be even better to have a desk or cabinet that locks for when employees leave for the day. Just because the door is locked doesn’t mean no one can access your office outside of business hours.
Finally, train your staff to identify phishing schemes, malicious files, and other cybercrime that might come in the form of an email. Ask your IT department about strengthening spam filters, if you’re concerned, and also find out how you can back up your data in case there is a breach and your database is impacted. IT can also help you devise a plan to recover should the worst happen.
If you’re looking for data security, compliance, or process improvement suggestions for your particular Financial Aid Management System, check out the Technology Support & Systems Analysis services offered by the Higher Education Assistance Group or email us at info@heag.us.