With our children and many of us getting ready to go back to school, it’s a good time to ask: How secure are our school records?
One of the stories that floated under the wire this summer was the number of colleges that announced that their databases had been breached. Stanford University has had its information systems breached twice since May, but a number of other schools—the University of Delaware and the University of Virginia, to name two—also admitted to data breaches over the summer months.
On the heels of all of these data breaches comes a study by HALOCK Security Labs that found that too many colleges are not doing enough to protect student records. As Jeff Goldman pointed out in an eSecurity Planet story, the study found that:
50 percent [of colleges studied] allow for the transmission of sensitive information via unencrypted e-mail, and 25 percent advise applicants to submit personal information, including W-2s, via unencrypted e-mail.
Of course, it isn’t just student records that the hackers are attempting to access. A New York Times article added that college networks are constantly under attack:
Universities and their professors are awarded thousands of patents each year, some with vast potential value, in fields as disparate as prescription drugs, computer chips, fuel cells, aircraft and medical devices.
Research universities are increasingly finding their networks are the targets of foreign hackers, many looking to steal intellectual property. The New York Times article quoted an associate dean from the University of Wisconsin who said it isn’t unusual for his school’s network to see upwards of 100,000 attempts to hack into the network per day.
Like in the enterprise world, fixing cybersecurity and preventing data breaches on college campuses will take a change in culture. Academics leading these universities will need to think more about risk management and who has access to the school’s data. University IT departments must protect all school data just the same as any enterprise would. In fact, we should all learn more about our schools’ cybersecurity policies, and parents (and students) should step up and be vocal about how student records are transmitted and stored.