our company | our solutions | custom applications | secure hosting | managed services | technology consulting | news | contact us | home
 
Articles
Listen to Radio Interview
Evolving Threat
Evolving Threat Webinar
Addressing the Top 5 IT Concerns for Financial Advisory Firms
What Are You Doing to Stop Security Saboteurs?
Commonwealth boosts security with Pragmatix Gold Contract
A Tech World
Controlling the IT, Compliance Strain
Is Wireless Safe?
Send hackers packing: Education and data security - prepare for potential problems
Disaster Recovery and Continuity: What Every Business Owner Needs to Know
IT Watch/Disaster Recovery (IE only - video inside)
Disaster Recovery Made Easy
What small-business owners should know about e-mail
Selecting a Web Hosting Provider
Print Media - Buy, Build, or Both?
Press Releases
4/25/08 IBM Recognizes Pragmatix as Leader for Small Business Solutions
03/17/08 VAI Teams with Pragmatix to Expand Software as a Service Customer Base
10/16/07 Pragmatix Expands Services with BlackBerry® Support
ARCHIVE >>
 

Send hackers packing: Education and data security - prepare for potential problems
By BILL ABRAM
As seen in Westchester County Business Journal,
August, 2006

Data security on higher education campuses is a serious concern. Ohio University recently reported that it experienced several occurrences of data theft. The first was in the system of the school’s health center, which contained addresses, Social Security numbers and medical treatment information on 60,000 students. Prior to that breach was the breach of a network server that housed personal information for more than 300,000 Ohio University alumni and donors.

According to a 2003 study conducted by EDUCAUSE, a nonprofit organization that encourages responsible use of information technology, 75 percent of respondents indicated that IT security was a major issue for their educational organization, but fewer than 30 percent of respondents performed risk assessments.

As of last summer, universities nationwide “have reportedly spent $300,000 to $500,000 directly associated with ‘investigation’ and ‘notification’ in response to security incidents where personal information may have been compromised,” according to Rodney Petersen, policy analyst and security task force coordinator at EDUCAUSE.

This is a testament to a growing trend: Many universities and other educational institutions have been remiss in setting up security systems. Some attempt to keep intruders out, yet ignore internal threats; others think they are too small to be a target.

Increased security
Security is one of the largest growth areas in technology today -- with good reason. Internet scams and malicious hackers are more prevalent and virulent than ever. In its 2003 study, EDUCAUSE reported that “automated attacks are replacing individual hackers as the most likely cause of a security breach.”

No network can afford lax security standards. New viruses are introduced daily and spammers use worms to create “spam zombies,” which clog in-boxes, steal passwords and introduce so-called Trojan horses that allow for unauthorized remote access to a computer.

Even if a network is actively protected from external threats, few can stop a student from either maliciously or unintentionally loading a program that opens back doors into administrative computers or turns an entire campus computer system into a spammer’s paradise.

Preventing and minimizing risks
In order to minimize risks, educational institutions should have two networks: one for staff and another for students. Effective intrusion prevention and detection devices include secure VPNs (virtual private networks), firewalls to forestall intruders, and anti-virus and spam-filtering tools, which have become more sophisticated.

Around-the-clock monitoring of e-mail systems, along with daily system backups, ensure that problems are detected quickly and fixed before they cause further damage. Security updates also thwart new viruses that circulate around the globe with the click of a mouse.

Intrusion detection and prevention do more than protect against external threats; they can also segregate and isolate a subnetwork -- or even a single machine -- if security levels have been compromised or if they have yet to be updated from a central server.

No college can afford to maintain open networks that permit users to steal and forge data or host illegal software, music and video share sites. All it takes to sabotage a network is a single student, faculty member or guest. Without properly used firewalls and other protections, systems are vulnerable to network security breaches or to potential lawsuits.

ConsumerAffairs.com reported that personal data from nearly 540,000 student, applicant, employee and faculty records was breached in a variety of incidences at Northwestern University, Ohio University, Sacred Heart University and Vermont State College.

Unfortunately, this phenomenon affects major public and private companies, as well, and the implications are serious. California’s Hacker Law requires businesses and government agencies to “notify individuals when unencrypted personal information in the categories of Social Security number, driver’s license number, account number, or credit or debit card number has been accessed in a computer security breach.”

Reacting to the proliferation of security breaches, almost two-dozen other states are considering legislation to notify individuals -- and in some cases cover losses -- when personal information is stolen.

In many cases, however, small steps can greatly reduce risk. A computer crisis can strike at any time. Institutions that fail to address their security precautions are flirting with disaster. It’s always prudent to prepare for potential problems because, when it comes to computer breaches, no news is good news.

Bill Abram is president of Pragmatix Inc., an information technology company in Elmsford. Reach him at billa@pragmatix.com.

        Copyright 2008 Pragmatix 565 Taxter Road, Elmsford, Westchester County, NY 10523 P: 914-345-9444
Pragmatix Services | Pragmatix IT Solutions | Clients | About Pragmatix | Contact Us | Privacy | Site Map