How Colleges are Becoming Data Breach Gold Mines

15 01 2010

Image Courtesy of Fleming College

In the past few weeks, four separate US collegiate data breaches have been announced, exposing roughly 200,600 records in total. The causes ranged from a successful phishing attempt, to malicious file-sharing software installed on networked machines, to a malware infection, to a direct intrusion into a university library server. In each case the attackers pulled out large amounts of data quickly and with little resistance.

So, why colleges? What do universities have that makes them so susceptible to massive data breaches? The answer is in the body. The student body, that is. A university's main source of income is people, and the easiest way to track those people is to hold their information. As anyone who has filled out a college application knows, the school collects every minute detail about one's past and present, right down to mother's maiden name and father's yearly income.

University employees need access to this information as well, since every department, whether the health clinic or the registrar, deals with students. The number of users with access to the whole data set is far larger than in a typical organization holding comparable records.

The end result is a gold mine for data breaches.

As a college student, I know that we tend to have money trouble as it is.  To have our information then stolen by someone who plans to use it for monetary gain is just icing on the stale cake of financial problems.

So, as always, what’s the solution?  Well, it may be easier than we think.

For instance, instead of relying on a password alone to protect student information, the records themselves could be encrypted inside the database. A hacker can phish a password, but if a stolen credential only yields ciphertext, many attackers will be deterred. Likewise, a secure and compliant file transfer solution would close the gaps that open up whenever the database exchanges data with its users. Whether at rest or in transit, the data would then be readable only by the intended sender and receiver.
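To make the "encrypted in the database, not just password-protected" idea concrete, here is an added example (my own illustration, not code from the original post or from any university system). It stores the two fields the post mentions, SSN and mother's maiden name, as AES-256-GCM ciphertext under a key the application holds, and binds each value to its student ID and column name as associated data. The record layout, the `StoreRecord`/`ReadRecord` helpers and the sample values are all constructed for this example; the point is that someone who has only phished a database credential sees ciphertext, and any tampering or mismatched key fails closed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// StudentRecord is a constructed sample row. The lookup key stays plaintext;
// the sensitive fields the post lists are stored only as ciphertext.
type StudentRecord struct {
	StudentID        string
	SSNCiphertext    string // base64(nonce || AES-256-GCM ciphertext+tag)
	MaidenCiphertext string
}

// newGCM builds an AES-256-GCM AEAD from a 32-byte application key.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealField encrypts one value under the application-held key. The student ID
// and column name are bound as associated data, so a ciphertext copied into
// another row or column fails to decrypt.
func sealField(key []byte, studentID, column, plaintext string) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per value
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	aad := []byte(studentID + "|" + column)
	sealed := gcm.Seal(nonce, nonce, []byte(plaintext), aad) // nonce || ct || tag
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// openField reverses sealField; a wrong key, tampered bytes or wrong context
// surfaces as an authentication error rather than as garbage plaintext.
func openField(key []byte, studentID, column, encoded string) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	sealed, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return "", err
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns {
		return "", errors.New("ciphertext too short")
	}
	aad := []byte(studentID + "|" + column)
	pt, err := gcm.Open(nil, sealed[:ns], sealed[ns:], aad)
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// StoreRecord is what the application layer writes to the database.
func StoreRecord(key []byte, studentID, ssn, maidenName string) (StudentRecord, error) {
	ssnCT, err := sealField(key, studentID, "ssn", ssn)
	if err != nil {
		return StudentRecord{}, err
	}
	maidenCT, err := sealField(key, studentID, "mother_maiden_name", maidenName)
	if err != nil {
		return StudentRecord{}, err
	}
	return StudentRecord{StudentID: studentID, SSNCiphertext: ssnCT, MaidenCiphertext: maidenCT}, nil
}

// ReadRecord is what an authorized application path, holding the key, does.
func ReadRecord(key []byte, rec StudentRecord) (ssn, maidenName string, err error) {
	if ssn, err = openField(key, rec.StudentID, "ssn", rec.SSNCiphertext); err != nil {
		return "", "", err
	}
	if maidenName, err = openField(key, rec.StudentID, "mother_maiden_name", rec.MaidenCiphertext); err != nil {
		return "", "", err
	}
	return ssn, maidenName, nil
}

// LeaksPlaintext models what a holder of only the database credential can
// read: true if the secret appears verbatim in the stored row.
func LeaksPlaintext(rec StudentRecord, secret string) bool {
	return strings.Contains(rec.SSNCiphertext, secret) || strings.Contains(rec.MaidenCiphertext, secret)
}

func main() {
	key := make([]byte, 32) // in practice from a KMS/HSM, never a database column
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	rec, err := StoreRecord(key, "S-1001", "123-45-6789", "Kowalski") // constructed values
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored row: %+v\n", rec)
	fmt.Println("SSN visible with DB credential only:", LeaksPlaintext(rec, "123-45-6789"))
	ssn, maiden, err := ReadRecord(key, rec)
	fmt.Println("authorized read:", ssn, maiden, err)
	_, _, err = ReadRecord(make([]byte, 32), rec)
	fmt.Println("read with wrong key:", err)
}
```

The design choice worth noting is the associated data: because the student ID and column name are authenticated along with the ciphertext, an attacker with write access to the table cannot move one student's encrypted SSN into another student's row, or into a different column, and have it decrypt. The key itself must live outside the database (an application secret, KMS or HSM), otherwise a single phished credential still unlocks everything.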

As we move forward, colleges should aim to secure all of their critical data and make 2010 safe for students everywhere.  Also, avoiding tuition hikes would be nice.  Just sayin’.

HIPAA, HITECH and Economic Stimulus?

4 09 2009

One never knows these days whether a piece of legislation will contain items affecting your business, and not staying informed can be costly.

The recent American Recovery and Reinvestment Act of 2009 not only addresses economic stimulus but also contains powerful modifications to HIPAA's Privacy and Security Rules. These new regulations are known as the Health Information Technology for Economic and Clinical Health Act, or the HITECH Act.

From my initial research on this new legislation, the implications are far reaching for any business associated with health care organizations: think accountants, lawyers and pharmacies, to name just a few. Under HITECH, business partners must adhere to the same rules and regulations defined in HIPAA's Privacy and Security Rules as the healthcare organizations themselves, and they are subject to the same penalties. A simple example is email communication and document exchange. Exchanges between healthcare providers and their business partners that contain protected health information (PHI), such as a prescription order sent by a doctor's office to a pharmacy, must be secure and encrypted. Once these new regulations take effect, communicating with business partners via standard email and FTP will no longer be sufficient.

How is your organization making plans to comply with the new rules?

Here are a few links I found useful for further reading:
http://www.hipaa.com/2009/07/transmission-security-encryption-what-to-do-and-how-to-do-it/
http://healthplans.hcpro.com/content.cfm?content_id=228444&topic=WS_HLM2_HEP
http://www.itbusinessedge.com/cm/community/features/articles/blog/hitech-act-ramps-up-hipaa-compliance-requirements/?cs=31575


Going Social Doesn’t Need to be Risky

31 08 2009

At some point in your business day you probably check out a social networking site or two, but what are you saying? Who are you saying it to? Is it business information or just business as usual?

Social networking services like Facebook and Twitter foster a false sense of security and lead users to share information that can be used by cybercriminals and social engineers. The very concept of social networking is based on connecting and sharing, but with whom?

A recent study found that many users simply accept requests to connect even when they do not know the person they are connecting with. The actual numbers: 13% of Facebook users and a whopping 92% of Twitter users simply connect with anyone who asks.

Manage not just your profile, but your network.