With increased attacks on educational institutions—from ransomware to data exfiltration— schools of every size are looking for ways to better protect their organization. Adding to the challenges security teams face, there is increased pressure to meet the latest compliance mandates such as the Gramm-Leach-Billey Act (GLBA), Student Aid Internet Gateway Agreement (SAIG), and the Federal Trade Commission (FTC) Safeguards Rule.
GLBA compliance
Updates to the Gramm-Leach-Bliley Act Cybersecurity Requirements and FTC Safeguards Rule mandate that post-secondary educational institutions managing data associated with federal student loans have measures to keep information secure by June 2023.
Some of the nine updates in the GLBA Cybersecurity Requirements impacting educational institutions include:
- Regularly test or otherwise monitor the effectiveness of the safeguards it has implemented.
- Establish an incident response plan.
- Report regularly and at least annually to those with control over the institution on the institution’s information.
- Provide for the evaluation and adjustment of its information security program in light of the results of the required testing and monitoring.
Fortunately, Red Canary can help you meet many of the GLBA requirements with our managed detection and response (MDR) and training offerings:
- Red Canary MDR continuously monitors your environment 24×7, hunts for suspicious activity, investigates and responds to threats, and provides reporting to prove your posture at any time.
- Red Canary Readiness Exercises prepare your team for cybersecurity incidents and help you build an incident response plan with continuous training, tabletops, and atomic tests in one engaging experience.
MDR for education essentials
Want to learn more? We have put together a set of materials to help educational institutions stay protected and compliance with MDR: