Colleges failing computer security.

Position:UP FRONT: News, Trends, & Analysis

If recent events are any indication, some U.S. colleges need to be taught how to protect computers containing personal information.

In April, administrators at the University of California, Berkeley, revealed that a computer laptop containing the names and Social Security numbers of nearly 100,000 people--mostly graduate school applicants--had been stolen. It was the second time in six months that UC Berkeley has been involved in such a theft.

Just days earlier, Northwestern University reported that hackers who broke into computers at its Kellogg School of Management may have accessed information on more than 21,000 students, faculty, and alumni. And the same month, officials at Chico State University announced a computer breach that may have exposed personal information on 59,000 current, former, and prospective students.

There is no evidence that any of the compromised information has been used to commit fraud. But, according to the New York Times, these incidents highlight the vulnerabilities of modern universities, which are "heavily networked, widely accessible, and brimming with sensitive data on millions of people." In other words, they are ripe targets for cyber criminals.

"Universities are built on the free flow of information and ideas," Stanton S. Gatewood, chief information security officer at the University of Georgia, told the Times. Georgia is investigating a hacking incident last year that may have exposed records on 20,000 people. "They were never meant to be closed, controlled entities. They need that exchange and flow of information, so they built their networks that way," said Gatewood.

According to Gatewood, that free flow has translated into a highly decentralized system that has traditionally granted each division within a university a fair amount of autonomy to set up, alter, and otherwise maintain its own fleet of networked computers. This means various servers that handle mail, web traffic, and classroom activities in a university's colleges don't necessarily report to the central IT...

To continue reading