Tuesday, February 25, 2014
University data breach prompts more reflection on security
The last few months have been a rough stretch for data security.
Secure File Transfer
The last few months have been a rough stretch for data security. Adding to unprecedented retail breaches, the University of Maryland recently announced that about 300,000 personal records were exposed when hackers gained access to their system. These records contain sensitive information including social security numbers, which leaves victims highly concerned about identity theft.
"It sounds like they got Social Security numbers, so I wouldn't be surprised if people try to take out credit cards, that kind of stuff," Jake Federkeil, a computer science major from Sykesville, MD, told USA Today.
The University explained that the breach did not compromise financial, academic, health or contact information, reported NBC Washington, but the size of the incident and the exposure of Social Security numbers are driving yet another round of discussions about storing personal information and maintaining data security.
According to The Wall Street Journal, the records exposed by the breach dated back to 1998. The news source questioned whether organizations like universities need to retain highly sensitive data, like Social Security numbers, for students or customers who have long since left their walls. To reduce the impact of a breach, companies should try to eliminate unnecessary information so not as much is vulnerable to exposure. However, it's often necessary to store personal data at least for a specific time period, so organizations need secure file sharing and data management solutions that offer strong protection.
Data security precautions
A University of Maryland spokesman said that the school had recently doubled its investment in security experts and tools, NBC Washington reported, but the hackers were able to work their way through multiple layers of security. Although no security system is completely fail proof, what's more concerning is the number of organizations that don't prioritize essential security precautions. David Vladeck, former director of the U.S. Federal Trade Commission's consumer protection bureau, told The WSJ that budget-constrained universities often spend their financial resources elsewhere, rather than investing in stronger security measures.
The problem isn't restricted to academia: According to a recent Dell Global Security Study, the majority of IT leaders don't view unknown threats, such as new risks from BYOD vulnerabilities, as top security concerns. While 76 percent indicated that organizations need to protect against inside and outside threats, they aren't necessarily seeking safer solutions like managed file transfer services to bring their security to a higher level. Similarly, the 11th annual Global Information Security Survey conducted by PricewaterhouseCoopers and CSO found that security spending hasn't kept up with rapidly expanding threats as enterprise systems become more open, more mobile and bigger.
Security is complicated - but absolutely crucial. Many organizations need affordable solutions that allow them to manage the sensitive information they need to store in order to do business. These solutions need to be simple enough to ensure employees adhere to them while being affordable for companies with limited budgets. Security is an ongoing project that must cover multiple vulnerabilities, from the threat of outsiders hacking into the system to employees losing devices with unencrypted information stored on them.