Digital risks at institutions of higher learning have traditionally been viewed as a low priority when compared to other risks such as student safety.
However, with a notable increase in the size and scope of recent data breaches in the higher education sector, it has become abundantly clear that colleges and universities need to implement necessary protocols to manage cyber risk.
Nearly 73 percent of network security events in higher education are attributed to malicious attacks (Kroll, 2013 case study) and more than 114 higher education breaches have been reported in the past two years, exposing over 2.2 million records (Privacy Rights.org).
Student, faculty, and extended family information as well as prospective student and family financial data is readily available within educational databases, making university files a ripe target for hackers. That database grows larger each year as new applicant records are collected.
Recent university data breaches highlight the necessity to update protective systems, implement security processes and educate staff on myriad ways in which data has been and can be compromised.
Auburn University – On March 2, 2015 University of Auburn staff noticed that personal information stored on an internal server had been accessible for six months. Information including social security numbers, birth dates, email addresses and academic information of 370,000 current, former and prospective students, was available during this time. This incident was identified as an internal hardware update failure. The University responded by providing two year credit monitoring, identity protection and restoration services.
University of Maryland – In February 2014, hackers accessed a database of more than 300,000 students, faculty and staff. The records included name, social security numbers, birth dates and university identification numbers from two campuses dating back to 1998.