Wylie has good reason for being on edge about Heartbleed. Universities are struggling enough to keep data secure even without the bug.
The University of Maryland was the victim of a massive data breach earlier this year that compromised 287,580 records. Just four weeks later, another hacker accessed sensitive information of administrators, including the social security and phone numbers of Wallace Loh, the university’s president.
Earlier this month, a data breach at North Dakota University exposed nearly 300,000 records. In February, Indiana University realized it had left names, addresses, and social security numbers of 146,000 students and recent graduates exposed for 11 months.
Between these three universities, and in just the first three months of the year, nearly 750,000 higher education records have been put at risk.
At the current rate, data breaches can easily keep pace with last year, which saw more than 3 million records compromised.
Higher education networks are 300 percent more likely to contain malware than their enterprise and government counterparts, according to OpenDNS, an internet security company. And, in 2013, HALOCK Security Labs found that 25 percent of universities had put sensitive information at risk through using unencrypted emails.
“Universities need to get serious about securing their environment,” said Terry Kurzynski, a senior partner at HALOCK. “They need to be sure that they are following security standards, as well as the laws and regulations that require the protection of personal information.”
Kurzynsiki noted that the task can be easier said than done, however.
“Universities in general have limited budgets for information security, and therefore struggle to comply with the numerous laws and regulations regarding the data in their custody,” he said.
Follow Jake New on Twitter at @eCN_Jake.