Misplaced USB drives or other portable storage devices account for several of the most recent security-breach instances in higher education. And campus technology chiefs have a simple solution for preventing such data loss from occurring, security experts say: Transport files on the web, where campus technology officials can track them.
Colleges and universities, like corporations and government agencies, see Social Security numbers, birth dates, account numbers, and other sensitive information stolen every year after an employee reports a portable storage device missing.
New York University’s Langone Medical Center reported in August that patient records, home addresses, and other information had been lost on a missing USB drive that contained diagnostic test results for about 250 patients. And at Rice University last month, more than 4,000 students and staff members had their Social Security numbers compromised when a portable storage device was reported stolen.
Like Rice did, universities typically provide free credit-monitoring services to ensure that any fraudulent purchases are detected and corrected in the event of data loss.
The potential for portable storage devices to be left on a desk or dropped from a pocket or briefcase makes web programs designed to send large files a logical alternative for campus technology officials who have been burned by an embarrassing security breach.
“Some people take great care of their USB drives, and some don’t,” said Hugh Garber, an official for Ipswitch, a Massachusetts-based company specializing in secure and managed file transfer. “And very often, it’s … your hardest-working employee who’s trying hard and not trying to be malicious. They’re trying to move information and do something better than it’s ever been done.”
An Ipswitch survey conducted at an international security conference in May showed that four in 10 respondents had used “personally owned [portable] storage devices” to back up work files every month. Eighty-eight percent said they used USB or thumb drives to move company information, according to the survey.
Portable storage devices can be made more secure through encryption or requiring a fingerprint to open certain files on the device, Garber said, but sending data-intensive files via the web creates a record of the transfer that campus technology staff can refer back to.
“It’s really no more technical than sending an eMail,” Garber said about using web programs for sending large files that might have too many gigabytes for a standard eMail system to handle. “Nothing is Fort Knox, of course, but creating a log of what’s being sent out is really what’s important.”
While Ipswitch offers its own web-based program for sending large files of up to two gigabytes, there are many other online services that let users attach and send massive files securely. TransferBigFiles.com, for example, allows users to attach up to 25 files of 100 megabytes, or two gigabytes for account holders.