Universities brace for another year of security breaches

More than half of colleges and universities transmit various kinds of sensitive information – including financial details – over unencrypted channels, according to a survey conducted by HALOCK Security Labs, a security firm based in Illinois.

This past summer, the University of Wisconsin reported 100,000 cyber-attacks from Chinese IP address every day. In August, the Kentucky Department of Education’s Infinite Campus network was hit with a denial-of-service attack (DDoS).

Embry-Riddle had its own security concerns when the university decided it wanted to track employee access to sensitive data.

Not only did the school lack a system-wide way of doing this, the distance between individual campuses made enforcing security policies a virtual nightmare. Embry-Riddle has residential campuses in Prescott, Ariz., and Daytona Beach, Fla. — as well as more than 130 smaller locations in four different countries, including the Middle East.

The university was able to use a suite of security products by Oracle Identity Management to create a way of automating giving and revoking acess privileges to 60,000 accounts. Bixler said security efforts have to go further than just software, however.

“Security is every employee’s job, staff and faculty,” she said. “We focus on educating staff and faculty on their role in keeping the data they have access to secure. This is a continuous education effort as the security landscape changes.”

A major part of that changing landscape is the proliferation of mobile devices on campus. At Cornell University’s Weill medical College, for example, the office of academic computing transfers files between internal researchers and external researchers using smartphones and tablets.

While using mobile devices makes transferring data easier and more convenient, it also leaves the information more open to cyber attacks, Bixler said. Finding a safe compromise is key.

“It is a balancing act,” she said.

Al-Khabaz, who fought his expulsion but was never able return to school, said the ease of which he was able to “fiddle around” in one of the most widely-used university computer systems in North America points to serious security concerns that still need to be addressed on some college campuses.

“These systems are truly not always very well-protected,” Hamed said.

Follow Jake New on Twitter at @eCN_Jake.

Latest posts by Jake New (see all)