According to a 2008 "Year in Review" report by Educational Security Incidents, an online repository that collects data on higher education security issues, the total number of security incidents reported at universities and colleges worldwide rose to 173 in 2008, a 24.5 percent increase over 2007. The number of institutions affected--perhaps the more telling statistic--increased 59 percent from the year before. Unfortunately, the problem of information security will continue to get worse before it gets better, forcing institutions to communicate regularly about data security and high-risk information policy. New laws in several states are spurring change, requiring institutions to publicly report data breaches when they occur. Educational institutions need to have not only a better and more timely view into data breaches, but also a communications policy in place that reaches anyone with physical or virtual access to high-risk security information. Such information can include social security numbers, driver's license numbers, state ID numbers, financial account numbers, credit or debit card numbers, and biological indicators such as iris scans and fingerprints. From malicious computer viruses to seemingly innocent file sharing gone awry, high-risk security information can be compromised in many different ways. In addition, each new security breach seems to cause greater damage than its predecessor. Understanding the security threats that are out there, and putting technology policy and communication strategies in place to protect against them, is essential to protecting any institution, large or small. Communicating about a security policy requires long-term attention. Constantly deploying new communications campaigns might not be necessary, but an institution must have a strategy for keeping its message top of mind. By continuing to monitor and communicate high-risk information policy, an institution can avoid making headlines for all the wrong reasons.