The Federal Trade Commission’s proposed settlement with GoDaddy has implications for businesses and higher education institutions. With increasing reliance on web hosting providers for student portals, learning management systems, and alumni engagement platforms, colleges and universities must prioritize security when selecting and managing these services.
Here are four lessons from the GoDaddy case that higher education institutions should consider:
Evaluate Your Hosting Provider’s Security Practices
In the context of higher education, sensitive data—such as student records, financial information, and research data—must be protected. Institutions should ensure their hosting providers:
- Encrypt sensitive information, both in transit and at rest.
- Implement strict access controls to protect administrative and user accounts.
- Regularly monitor and log access to critical systems, like student portals or admissions platforms.
As stewards of student and faculty data, higher education institutions must demand transparency from vendors about their security practices.
Enforce Multi-factor Authentication (MFA)
Universities frequently manage accounts for thousands of students, faculty, and staff. Implementing MFA for web hosting platforms and campus-wide systems is critical in preventing unauthorized access to accounts. If your hosting provider doesn’t offer MFA, it’s a sign that their security measures may not align with the needs of a modern institution.
Regularly Audit Third-Party Vendors
Higher education institutions often work with multiple vendors for hosting, LMS platforms, and research systems. Regular security reviews are crucial to ensure compliance with regulations like FERPA, GDPR, and HIPAA (for health-related programs). Request vendor certifications, such as SOC 2 Type II or ISO 27001, to verify their adherence to industry standards.
Learn from Real-World Consequences
The risks of lax data security are significant in higher education, where breaches can impact students, staff, and alumni. From phishing attacks targeting students to compromised alumni donation platforms, the stakes are high. Proactively addressing these risks with strong vendor management practices can protect institutional reputation and community trust.
As technology transforms higher education, institutions must stay ahead of evolving cyber threats. By selecting secure hosting providers, enforcing MFA, and conducting regular audits, universities can safeguard sensitive data and maintain the trust of their stakeholders.
The FTC’s guidance offers an opportunity to reflect on current practices and take proactive steps to mitigate risks. Read the FTC’s blog post here for more insights.
