Data Diet Can Create Digital Safety Awareness at Universities
College campuses with their fast Internet networks, active social networkers and troves of personal data on thousands of students are hotbeds for hackers. And in the wake of two recent large-scale university data breaches, a top fraud expert believes schools have a duty to educate their students about how to stay safe in such a digitally dangerous environment.
You've got tons of data on current students, alumni, faculty, said Brian Lapidus, chief operating officer for Kroll Fraud Solutions. From a target perspective, what could be better than higher education if you're a thief? What's a better area to hit than a school?
In late September, a breach at the University of North Florida exposed the names, dates of birth and Social Security numbers of nearly 107,000 students. And just a few weeks ago on Oct. 29, the University of Hawaii discovered that the Social Security numbers and grades of more than 40,000 students had been mistakenly posted online for nearly a year.
In fact, in the first nine months of 2010, the Identity Theft Resource Center reported 48 university data breaches. It's a statistic that Lapidus expects to rise unless mitigating steps are taken.
Education, Lapidus said, is where class has to start.
Schools have to understand what data they have, and how to properly secure that data, he said. They need to teach students what to do, so all of a sudden you have an entire campus aware of data security. Education is the cornerstone of preventing data breaches from happening.
Lapidus believes an important first step towards educating students and staff about data privacy is to run educational campaigns on campuses to make students aware of the amount of sensitive data a school has about them, and how to appropriately protect it.
Universities have an opportunity to engage students to be risk managers, Lapidus told SecurityNewsDaily.
It's not just administrators and information technicians that need to do the educating. Students, Lapidus argues, need to be discreet with data, especially in the age of rampant social media, where you can tweet , you can Foursquare, and everybody shares everything.
'Data Diet' needed
Lapidus called for schools to go on a data diet , in which people (administrators as well as students) get rid of stored information they donâ??t need , information that may put them at risk if leaked.
He uses the example of a university hospital to illuminate his point: Hospital staff needs information such as a patient's blood type, while the registrar's office or study abroad office, or faculty does not. This type of information audit will go a long way toward increasing security and limiting the amount of sensitive data exposed should a breach occur.
Lapidus said he has seen an uptick in awareness, in all industries regarding data security. Many schools have stopped issuing student ID cards that contain the student's Social Security number.
We're starting to see some security," he said, "but we're a long way from being done.
- Identity Theft Protection Services Review
- How to Tell if Your Child's Identity Has Been Stolen
- IDENTITY GUARD