Device theft a growing concern on campus

Annual survey of campus IT leaders indicates device theft is their top IT security concern

35 percent of campus IT leaders reported the theft of a computer, phone, or thumb drive with confidential data this year.

The theft of computing devices with confidential data on them is a growing concern for campus IT leaders, a national survey suggests.

For the past five years, the percentage of IT leaders reporting the theft of devices on their campus has hovered around 20 percent. This year, it rose to 35 percent, according to the 2013 Campus Computing Project survey.

Casey Green, director of the Campus Computing Project, cautioned higher-education leaders not to read too much into this finding.

He said one possible reason for the increase is the way the question was phrased. In the past, he has asked campus IT leaders whether they have experienced the loss or theft of a computer with confidential data. This year, he amended the question to read “a computer, phone, tablet, or thumb drive.”

Still, Green said, “the larger issue is, there’s lots of [data] on lots of devices” around campus—and that poses a real security risk.

See also:

Key campus technology challenges ‘no longer about IT’

While attacks on campus networks are still the No. 1 IT-related security threat for colleges and universities, the theft of devices with sensitive information is now the second most common IT security threat that colleges face, the survey indicates.

And campus IT leaders have taken notice: The loss or theft of a computing device with sensitive information now ranks as their top IT security concern.

Three out of four survey respondents cited this as a key concern, while about 70 percent cited attacks on their campus network.

(Next page: Surprising information about IT security and data recovery plans)

Social networks continue to present security challenges on campus, the survey indicated, with more than 20 percent of universities and public four-year colleges reporting a student security incident linked to a social networking site in the last year.

Perhaps surprisingly, 23 percent of institutions still don’t have a strategic plan for dealing with network and data security—and 33 percent lack a strategic plan for IT disaster recovery.

Green said any number of factors might contribute to this finding: At some schools, these plans might still be in development, while at others, revolving IT leadership or competing priorities might have gotten in the way. Still other institutions might have procedures in place, but not an overall strategic plan.

“It’s usually the other way around,” he said, but some campus leaders might have adopted an approach of: “Do first and plan later.”

For more news about campus security, see:

Enhancing Campus Security: What You Should Know