You are here


Keeping Universities Safe from Data Breaches

Posted by Paula Skokowski

Recent data breaches at lTarget, Sony and the U.S. Government's Office of Personnel Management have garnered considerable media attention.

But sizable data breaches have taken place at other organizations, too. One industry that doesn't get a lot of attention is education, namely universities. According to Privacy Rights Clearinghouse, 30 educational institutions experienced data breaches in 2014, and five of these breaches were larger than the Sony breach.

Why are hackers targeting universities? In some cases, they are after classified research, such as research into industrial design or pharmaceuticals. In other cases, they are after the Personally Identifiable Information (PII) of university employees and students. Like PII from any other source, PII can be sold on the black market and used for identity theft.

In other cases, the hackers are students trying to change their grades. That was the case at Purdue last year when a student, Roy Sun, hacked into the school’s computer systems and changed his F grades into A grades. He was caught, forced to return his diploma, and sentenced to 90 days in jail. Students have also hacked into professors’ computers to steal tests, which can be resold to other students.

Guarding against data breaches is difficult at any organization, but it can be especially difficult at universities, which pride themselves on their transparency. Education may work best with a free and open exchange of ideas, but this culture of openness can be a vulnerability when it comes to cybersecurity. The trusting environment in which a professor might step away from her laptop in the cafeteria or quad for 15 minutes is also a risky environment in which malcontents can install keyloggers with little suspicion.

However universities go about strengthening their defenses against data breaches, their IT security is going to have to take into account mobile devices, such as smartphones, laptops and tablets. A recent Harris Poll conducted on behalf of Pearson found that 81% of students think tablets will transform the way students learn in the future. Currently, most students use mobile devices for school work, specifically:

  • 89% of students use laptops
  • 56% use smartphones
  • 33% use tablets

In addition, 74% think tablets make learning more fun. Of course, professors and other university staff are using mobile devices as well.

For universities, the best defense against data breaches is a multi-layered approach that includes:

  • Educating students, staff and faculty about the dangers of phishing attacks, keyloggers, and other security threats.
  • Making sure that all IT systems are up to date with patches, since most data breaches today still involve unpatched systems.
  • Using a multi-tiered mobile content management solution that both simplifies secure mobile access to multiple content repositories and ensures that valuable content, including research, is kept secure, regardless of where it resides or what device happens to be accessing it.

Accellion's kiteworks secure mobile content platform enables mobile device and desktop users to quickly, easily, and securely access content without the need for VPNs. At the same time, kiteworks protects content with rigorous access controls and encryption of content in transit and at rest. Even if students have downloaded risky apps onto their smartphones and tablets, confidential content remains safe on devices inside a kiteworks “secure container”. Faculty and students can also use kiteworks to watermark content, to distribute content in View Only mode that prevents copying or forwarding, and even to withdraw content after distribution. The platform supports whatever devices students, faculty, and staff happen to be using, including smartphones, tablets, laptops, and desktops.

Finally, the kiteworks solution supports openness among trusted users, while providing rigorous security controls to guard against data breaches.

A number of the world's leading universities use Accellion to help protect confidential information including: Harvard Business School, Pepperdine University, Rutgers University, Georgia Institute of Technology,  Harvard Kennedy School, Texas A&M - Kingsville, Swinburne University of Technology, University of Miami, Flinders University, Australian Institute for Teaching and School Leadership, and the National Institute of Education (NIE), Singapore.

Learn more about the use of kiteworks for educational institutions here.