January 7, 2009
Number of Data Breaches at Colleges Still on the Rise
The number of data-security incidents across the country rose 47 percent between 2007 and 2008, and more educational institutions reported incidents last year than ever before, according to a new report from the Identity Theft Resource Center, a nonprofit organization.
The center identified 656 breaches in 2008, with 131 of them taking place at colleges or secondary schools. In 2007 there were 446 breaches reported, with 111 of them at schools or colleges.
“Some universities and colleges over the years have had multiple breaches—that’s dismaying,” said Linda Foley, the center’s founder, in an interview today. “You would think after the first or second breach that there would be a change in policy and a change in the IT procedures where this would not continue to happen.”
Still, colleges are not suffering any greater increase in breaches than other sectors, according to the report.
We would link to the report, which was available at the center’s Web site, but the site appears to be slow or unresponsive this afternoon. Ms. Foley assures us that the site is not suffering from a cyberattack. —Jeffrey R. Young
Posted on Wednesday January 7, 2009 | Permalink |Comments
Commenting is closed for this article.
Previous: Faculty Members Given Laptops May Incur Taxes
Next: Letter to the Editor: Librarians and Tech Officials Must Get Along to Meet Future Challenges
Security at colleges is terrible and from my experience not improving at all. With a recession I don’t see how they will be spending money on security.
Take a look at the credit crunch warning for schools:
http://www.educationinfo.co.uk/credit-crunch-warning-for-schools.htm
— Shaun Jan 8, 03:43 AM #
Computer networks at educational institutions by their nature are more open than their corporate counterparts.
On a basic level, how many corporate enterprises have thousands of employees bringing their own computers to work to hook up to the network?
This is the case at colleges with students bringing their own computers to hook up to the network.
Schools can take great basic steps like scanning student computers before authorizing them to access the network, and providing free antivirus software. Firewalls and gateways can be installed at the network level to help detect malicious activity.
Still, student computers are not managed in terms of antivirus updates, OS updates, spyware scans, software install lockdowns/prohibitions, etc. And they routinely hop on other networks at home, cybercafes, etc.
Can more be done to prevent data breaches at colleges? Certainly, since these breaches often happen on college-owned computers and servers, which can be more locked down. Even routers and switches are often installed with their default usernames and passwords unchanged.
How many colleges even take the basic step of encrypting laptops to prevent data breaches when laptops are stolen? There is free software to do this, and means to back up passwords.
(Had the VA laptop that was stolen been encrypted, there would have been little concern about the vast number of social security numbers on that laptop.)
— Rob S. Jan 8, 09:31 AM #