How to avoid accidental data breaches

Universities house a large amount of personal student and employee data.
Universities present particular challenges in securing sensitive information.

College campuses are centers for learning and exploration, where students and faculty develop, exchange, and trade information. More than most other organizations, colleges and universities are in a continuous state of information sharing and data creation, and they rely heavily on the ability to seamlessly share, store, and protect that information within their communities and among their partners.

What’s more, life on a campus is always in flux. Students and faculty come and go, and their need to access certain information, not to mention physical campus locations such as dormitories and labs, is fluid.

As a result, the university setting causes big headaches for chief information officers and other technology professionals who are charged with securing the data that reside on a university’s computer systems—everything from proprietary research to students’ financial and personal data.

Involuntary threats from within

While most CIOs spend their days worrying about the external hacking threats, a university’s greatest vulnerability comes from its own students, faculty, and administrative staff. Across the higher-education field, too many insiders have access to sensitive information that they should not be privy to, and the outcome can be highly disruptive and damaging to a university’s operations and reputation.

Making matters worse, most data security breaches are actually the result of students or faculty unwittingly acting as an accomplice to an internal or external threat.

In fact, in many data-breach cases on college campuses, there is no malicious intent on the part of the insider—even though they are the primary facilitator of the crime. University computer systems are a hotbed for all types of personal information, including names, Social Security information, and addresses—making them especially enticing for identity thieves.

Hackers realize that most computer users lack the sophistication and understanding of computer systems and data-sharing, and they leverage that to its fullest extent. As a result, they create strategies to trick users into sharing private and sensitive information without ever knowing they are doing so.

For example, it’s not uncommon for students to install file-sharing software using university computers connected to the school’s IT systems. The student, in most cases, perceives this to be an innocuous activity. In reality, however, the student’s actions provide an entry point for a hacker to compromise the security of the overall computer network. It is a seemingly innocent step taken by a student or employee that ultimately enables a cybercrime to take place.

Laura Ascione