Skip to main content

Protecting student data is top priority at Transact Campus

Andy Potanin | February 16, 2023

Technology

 

If you use a smart phone, laptop, or other electronic device, you are vulnerable to having your information compromised. According to a study by Statista.com, over 422 million individuals were affected by data compromises in 2022, which included data breaches, data leakage, and data exposure. And while we all need to remain diligent in protecting our own personal information, we also need to rely on companies like Transact to keep our data safe. Transact recognizes that our duty protecting higher ed student data is just as important as collecting it for campus payment and ID solutions. For this reason, we continuously take proactive measures against cyber threats, and that includes complying with government mandates such as Executive Order 14028. 


 

                        



Executive Order 14028 was passed to enhance our nation’s cybersecurity by requiring government and private entities to safeguard against cyber threats. This order demonstrates a commitment to strengthening our national security and protecting the public, a commitment fully supported by Transact. 

 

What is Executive Order 14028? 

Executive Order 14028 was designed to improve our nation’s cybersecurity. Issued on May 12, 2021, it requires agencies to enhance cybersecurity and software supply chain integrity. Here is a summary of Executive Order 14028 requirements, according to the U.S. General Services Administration: 

  • Requires service providers to share cyber incident and threat information that could impact Government networks 

  • Moves the Federal government to secure cloud services, zero-trust architecture, and mandates deployment of multifactor authentication and encryption within a specific time frame 

  • Establishes baseline security standards for development of software sold to the government, including requiring developers to maintain greater visibility into their software and making security data publicly available 

  • Establishes a Cybersecurity Safety Review Board, co-chaired by government and private sector leads, that may convene following a significant cyber incident to analyze what happened and make recommendations for improving cybersecurity 

  • Creates a standardized playbook and set of definitions for cyber incident response by Federal departments and agencies 

  • Improves the ability to detect malicious cyber activity on Federal networks by enabling a government-wide endpoint detection and response system and improved information sharing within the Federal government 

  • Creates cybersecurity event log requirements for Federal departments and agencies 

  • Requires amendments to the Federal Acquisition Regulation (FAR) to align with requirements in the EO 

 

As a leading provider of higher education integrated solutions for tuition and other student expense payments, multi-purpose campus IDs, and campus commerce, Transact is committed to ensuring that all client and student data is safe from cyber security breaches. When Executive Order 14028 was signed into law, Transact was already well-prepared. We have long been diligent in protecting student data, with numerous protocols and safeguards that were already in place. These measures are designed to protect student identities and information, help ensure secure communication between clients, and provide appropriate access control for transactional data. 

 

Our cybersecurity framework provides comprehensive guidance on how to securely manage customer accounts and transactions. The framework is based on a set of principles that emphasize proactive monitoring, incident response processes, risk assessment and management protocols. It also incorporates technical safeguards such as encryption and authentication technologies to protect sensitive data from unauthorized access. In addition, we have adopted advanced authentication procedures including two-factor authentication for all customers, enabling an extra layer of security when accessing personal or financial information. 

 

Transact also implements a series of best practices for detecting potential threats or suspicious activity such as monitoring network traffic for unusual patterns or outbound requests from identified malicious actors. Additionally, we continuously update our systems with new patches and software upgrades to ensure systems remain up-to-date with the latest security features available in order to reduce the likelihood of attack vectors being successful against our system. Furthermore, Transact ensures that staff members understand the importance of data privacy and have the necessary understanding of these regulations through training sessions held regularly throughout the year led by expert personnel within the company. 

 

In addition to implementing technical controls such as encryption technology, authentication methods, threat detection techniques and system updates; Transact also ensures compliance through its organizational policies which emphasize accountability at all levels within the company. These include processes such as periodic risk assessments and audits performed both internally using specialized teams as well as externally by independent third parties who will evaluate if certain safety criteria have been met by our systems. Moreover, strict access controls are enforced to limit user access only when it is absolutely necessary for their role within the organization. Our systems are also augmented with logging mechanisms which monitor user activities and any suspicious behavior for further investigation if necessary. We also partner with companies who have the same high standards we do when it comes to data safety and security. 

 

Finally, in addition to the above-mentioned measures taken by Transact in order comply with Executive Order 14028, there are other preparations being made such as continuous monitoring services, which use sophisticated algorithms and analytics tools to monitor traffic both inside and outside networks belonging to organizations connected with Transact. This allows us to detect potential threats before they even become a problem thus helping mitigate any potential damage caused. We also have various incident response plans created beforehand so they know exactly what steps should be taken once an issue reaches a certain threshold therefore allowing them to quickly address issues without delaying resolution time. Last July, we launched our Security & Trust Center, a place where clients can easily access the latest information about our data security practices, protocols, and compliance measures.  To learn more about our commitment to quality control and high security standards, visit here


Andy Potanin

Andy Potanin

Cloud Automation Manager

Andy Potanin

Andy Potanin

Cloud Automation Manager