3 reasons why institutions need to be vigilant about collected data during COVID-19
Author: Eric Johnson, Chief Information Officer at SurveyMonkey
There’s a new wave of data coming at institutions—and this time, it’s a tsunami. The global COVID-19 health crisis is contributing to a growing need to gather sensitive data from students, faculty, and on & off-campus staff, especially where health and safety are concerned.
As confidential data collection becomes increasingly important for many organizations, so does the need to protect and secure it. Read on to learn 3 reasons why institutions should pay close attention to data collection during the COVID-19 crisis and what can be done to protect it.
Reason 1: Newly-minted WFH employees and students
The recent surge of remote students, faculty, and campus staff increases the potential for data security risk, prompting a rethink of information security protocols. To make matters worse, hackers often take advantage of crises to exploit vulnerabilities and launch phishing attacks. The probability of data leaks, or worse, data breaches, grows as many newly-minted remote employees are inexperienced when it comes to security protocols. For instance, from an employee and student knowledge perspective, they may not be aware of certain security protocols or educated on best practices to avoid a social hack.
Students and parents may need a refresher on security best practices to protect themselves—for instance, verifying the sender and destination URL before clicking on links in emails that appear to come from their school.
In addition, home computing resources pose a security risk if not protected by corporate security standards/solutions. These scenarios, coupled with an escalation of remote access, are likely to overwhelm IT staff.
To help mitigate these risks and protect sensitive data that’s being collected, it’s important for schools to take appropriate precautions to protect that data. Start with a robust security training program on how to identify/report phishing and understanding data handling policies. Invest in solutions that help to ensure data is both accessible and secure.
68% of IT professionals feel the risk of collecting unsecured, sensitive information has increased due to the current pandemic
Source: 2020 SurveyMonkey Audience Study for IT professionals
Reason 2: Sensitive data collection is on the rise
Many institutions and organizations are adding surveys to their tech stacks to help address the challenges brought on by the COVID-19 crisis. With an increase of surveys—that might range from inquiries about travel plans to questions about possible contact with infected individuals—comes the inevitable flood of personal and health-related information.
There are many ways survey data can help decision-making at institutions in the time of COVID-19. For example, Madison Area Technical College utilized SurveyMonkey’s COVID-19 templates to set up staff and students for success shifting to remote work/study with the goal of establishing an understanding of how students were adapting, what resources were lacking, and how both students and faculty felt about implementing permanent online courses. The feedback from the survey quickly allowed for an action plan to increase their flagship training, Preparing to Teach Online course in summer and moving 70% of the school’s courses online in the fall.
“I felt we really needed to add a question related to the overall health and challenges of faculty who were suddenly tossed into the unknown. Never in our lifetime have we experienced this level of crisis as a college, country, or world.”
Robin Nickel, Director of Assessment, Madison College
Additionally, Rhode Island Governor Gina Raimondo and the Rhode Island Department of Health are using SurveyMonkey with Salesforce to monitor people who have been exposed to coronavirus or tested positive, to understand how the disease is spreading and the effect it’s having on its citizens. See more ways organizations are using surveys to make a positive impact during the COVID-19 crisis here.
A note on HIPAA compliance and PHI: In the U.S., the Health Insurance Portability and Accountability Act (HIPAA) requires covered entities and business associates to ensure the protection and confidential handling of individually identifiable health information (protected health information or PHI)—which can include things such as whether an individual has been tested for the coronavirus or is experiencing symptoms.
HIPAA is often associated with healthcare. Yet many organizations across education, insurance, retail and other industries may also collect PHI, especially during a global health crisis. Because PHI is protected under HIPAA, organizations that are subject to HIPAA compliance and collect it may be held liable if they do not keep that information confidential and secure.
Learn more about how SurveyMonkey can help with HIPAA compliance here.
Reason 3: Unsanctioned technology is growing at organizations
Combined with the fact that as many as 59% of U.S. workers are working remotely, companies are facing an increased risk—where devices and applications used for work purposes are not supported or approved by their institution.
A recent SurveyMonkey Audience study for IT professionals* found that 59% of respondents agree the risk of unsanctioned technology has increased due to the current pandemic. So, how can organizations protect their online data and stay ahead of threats?
The study shows that IT professionals are taking the following measures:
- 29% of respondents are installing new technologies to ensure visibility
and monitoring capabilities - 21% say they are enforcing governance policies
- 14% are restricting access to sensitive data
- 36% are taking action through a combination of the above
87% of customers say that enabling SSO has decreased the risk of sensitive data landing into the wrong hands
Source: 2019 TechValidate study of users of SurveyMonkey Single Sign-On (SSO)
How SurveyMonkey Enterprise can help
SurveyMonkey Enterprise has many features that help protect sensitive data to ensure it remains secure and compliant at your institution. Here are a few:
- Account activity logs show the history of anyone who has accessed the account as well as specific actions they’ve taken.
- Admin dashboard gives insight into users, accounts, and all survey data being collected. It also allows for user management by provisioning accounts and assigning roles and permissions.
- Automatic user logout reduces the likelihood that users will accidentally put information at risk by leaving confidential information on screen for any passerby.
- Centralized data and user management enables admins to reassign the data from people who are leaving an organization, either by choice or not.
- Data encryption (TLS) reduces the risk associated with people taking surveys, no matter the device, ensuring security from the browser back to the server where it's securely stored.
- Options to reduce the identifiable attributes of responses (e.g., IP addresses) helps protect your respondents’ privacy and put their minds at ease. Keeping responses anonymous where possible is a key part of HIPAA compliance.
- PHI share alerts let you know instantly when someone shares PHI, so you can take necessary actions if needed.
- SSO allows organizations to control who can access a SurveyMonkey account associated with their domain, and create authentication policies for increased security.
As organizations and schools continue to navigate the challenges brought on by the COVID-19 crisis, IT professionals should consider the type of data that’s being collected and how it’s being managed.
Learn more about our enterprise-grade security and how you can safely collect feedback at scale here. Interested in talking to an expert? Get started.
*Methodology: This poll was conducted online on May 28, 2020 among a total sample of 263 adults age 18 and over living in the United States, employed full-time. The research was performed via SurveyMonkey Audience, an online panel where respondents take surveys in exchange for compensation.
