The Coalfire Blog
Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, Retail, Financial Services, Healthcare, Higher Education, Payments, Government.
The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts.
The Coalfire Blog
College students concerned about information security
September 23, 2013, Mark Lucas, Vice President, Chief Information Security Officer, Coalfire
Universities and colleges have been under significant pressure to upgrade their technology both in and out of the classroom. For instance, many organizations turn to mobility as a way to engage students and facilitate learning campus-wide. While much of the discussion is around issues such as the availability of Wi-Fi, there are numerous other things to consider as smartphones and tablets become a part of most technology ecosystems.
One of the drawbacks of increased mobility is that there are a lot more endpoints to consider when it comes to information privacy and data security. As ZDNet contributor Charlie Osborn recently observed, students in the United States and United Kingdom are increasingly concerned with the ability of universities to protect information, with approximately 80 percent recognizing the prevalence of privacy threats.
The problem is multi-faceted, as much of the threat to student information stems from a lack of awareness or willingness to follow safe practices. For example, 62 percent of students said they use an unsecured Wi-Fi network at least once a month.
The problem with statistics like these is that the devices that students are using contain a wide range of personal information. For example, Gartner predicted that mobile payment transactions will reach $235.4 billion this year, representing a 44 percent increase from 2012. Just as the problem comes from a variety of trends, the solution to this issue must be multi-faceted in its approach as well.
Addressing risk: Remember the PCI Data Security Standard
As the campus population becomes increasingly mobile, services such as the cafeteria will likely consider accepting mobile payment solutions. However, it is essential to keep PCI compliance in mind as this technology is implemented. The risk of payment card data theft and identity fraud extends well beyond the ramifications of a failed PCI audit. Particularly as students grow more conscious of information security issues, organizations can suffer from extensive reputational damage if an incident occurs. This suggests a growing pressure to ensure that students are aware of how to protect their own information, while also securing the systems that are used to process payment information. In regards to mobile payment acceptance, the PCI Security Council makes several recommendations, including:
Implement a trusted path between the data entry device and mobile devices
Process account data within a trusted execution environment
Encrypt all account data before it leaves the trusted environment
Implement server-side controls and monitoring mechanisms
Control and limit access to cardholder data
The Council also warns that these guidelines do not fully guarantee compliance, and suggests that organizations take stock of their unique environments as they apply to PCI data standards. Furthermore, the rapid rate of evolution in mobile technology means that payment card brands may have to significantly and frequently alter their mobile payment requirements.
<< Go Back
Blog post currently doesn't have any comments.