The best way to avoid data loss on campus


A misplace USB can be a nightmare of college IT officials.
Misplaced portable storage devices can be a nightmare for campus technology officials.

Misplaced USB drives or other portable storage devices account for several of the most recent security-breach instances in higher education. And campus technology chiefs have a simple solution for preventing such data loss from occurring, security experts say: Transport files on the web, where campus technology officials can track them.

Colleges and universities, like corporations and government agencies, see Social Security numbers, birth dates, account numbers, and other sensitive information stolen every year after an employee reports a portable storage device missing.

New York University’s Langone Medical Center reported in August that patient records, home addresses, and other information had been lost on a missing USB drive that contained diagnostic test results for about 250 patients. And at Rice University last month, more than 4,000 students and staff members had their Social Security numbers compromised when a portable storage device was reported stolen.

Like Rice did, universities typically provide free credit-monitoring services to ensure that any fraudulent purchases are detected and corrected in the event of data loss.

The potential for portable storage devices to be left on a desk or dropped from a pocket or briefcase makes web programs designed to send large files a logical alternative for campus technology officials who have been burned by an embarrassing security breach.

“Some people take great care of their USB drives, and some don’t,” said Hugh Garber, an official for Ipswitch, a Massachusetts-based company specializing in secure and managed file transfer. “And very often, it’s … your hardest-working employee who’s trying hard and not trying to be malicious. They’re trying to move information and do something better than it’s ever been done.”

An Ipswitch survey conducted at an international security conference in May showed that four in 10 respondents had used “personally owned [portable] storage devices” to back up work files every month. Eighty-eight percent said they used USB or thumb drives to move company information, according to the survey.

Portable storage devices can be made more secure through encryption or requiring a fingerprint to open certain files on the device, Garber said, but sending data-intensive files via the web creates a record of the transfer that campus technology staff can refer back to.

“It’s really no more technical than sending an eMail,” Garber said about using web programs for sending large files that might have too many gigabytes for a standard eMail system to handle. “Nothing is Fort Knox, of course, but creating a log of what’s being sent out is really what’s important.”

While Ipswitch offers its own web-based program for sending large files of up to two gigabytes, there are many other online services that let users attach and send massive files securely. TransferBigFiles.com, for example, allows users to attach up to 25 files of 100 megabytes, or two gigabytes for account holders.

DropSend.com claims to have sent more than 18.8 million large files, and it offers storage of up to two gigabytes as well. Fee-based file transfer sites include SendThisFile.com, which features transfers of up to 90 gigabytes for $69.95 a month.

Campus technology officials saw a rash of security breaches over the summer, resulting in substantial data loss.

At least three universities—the University of Maine, Penn State University, and Florida International University—reported a security breach in June, resulting in compromised Social Security numbers, academic and financial records, and other information for about 40,000 students and faculty across the three institutions.

These universities and others that have scrambled to alert faculty and students of data loss in recent years are not alone, according to research from the Identity Theft Resource Center, a San Diego-based nonprofit organization.

The number of reported data security breaches in schools and colleges increased from 111 in 2007 to 131 in 2008, according to a 2009 report released by the center. Data-security crimes jumped by 47 percent overall between 2007 and 2008, according to the research.

Raymond Rose, an online education expert who has helped establish web-based learning programs, said USBs are not only unreliable because they can be lost, but because the devices can carry viruses that will damage campus computers.

Moving massive files back and forth over the web, he said, is preferable to using USBs and other storage devices. Internet-based file transfers, however, have a down side.

“A file transfer over the internet may be safer than a USB device because some do include anti-virus checks,” Rose said, “but may not be more secure if the classic situation of  password and username are on a sticky note on the side of the monitor.”

Sign up for our newsletter

Newsletter: Innovations in K12 Education
By submitting your information, you agree to our Terms & Conditions and Privacy Policy.