According to records from the settlement and interviews with university spokespeople, the affected data on 1.2 million individuals was collected as part of a social and economic sciences research that spanned 15 years. It contained addresses, social security numbers, college admissions test results, contact information, career and health data. Not only was the confidential data not encrypted, it was stored in a hard drive in a self-storage locker where security was minimal, without a security camera in the vicinity. The hard drive was stolen from the storage facility in 2017 in an objectively undramatic fashion.
The cautionary tale is a case not only for ramping up cybersecurity resources and preparedness, but also for raising basic security awareness for students, researchers, faculty members, and other business or public-sector staffers not typically classified as cybersecurity personnel.
An unencrypted database of millions in an unsecure location has no place in today’s world. Some used to consider cybersecurity a niche–now, it should be Business 101. Anyone in an organization that comes in contact with data should be trained in cybersecurity.
In April 2019, the AppRiver Cyberthreat Index for Business Survey found only 30 percent of all C-level executives and IT decision-makers at U.S. nonprofit organizations store their most confidential data exclusively on a secure network. Fifty percent say it is stored across a mix of secure and unsecure locations and devices, while 20 percent surveyed admit their most confidential data is stored in unsecure locations or they do not know where it is stored.
Who can benefit from cybersecurity awareness?
Overall, 52 percent of all small-to-medium-sized businesses and organizations report their most confidential data is stored on a secure network; 48 percent say it is not. Even within the technology sector, where one may assume data security should be standard practice, only 55 percent of all SMBs surveyed for the AppRiver study report their most confidential and important data is stored exclusively on a secure network or location.
It is not an exaggeration that everyone in business today, regardless of company size or industry, could benefit from higher cybersecurity awareness. The alternative is to brace for higher odds of falling victim to cybercrimes. Hackers are everywhere, and they will target every point of entry if we are not more vigilant.