Aug 20 2007

An Education Technology Balancing Act: Access and Security

The risks and consequences of data security breaches aren’t lost on information technology professionals within the higher education community. They are also well aware that colleges and universities are attractive targets for would-be hackers and identity thieves because educational institutions house vast amounts of personal information.

Data compromises have been making national headlines lately, and I’m confident that your institution is trying to stay out of the news by keeping data secure. Never ending and constantly evolving, the threats are indeed formidable, but the consequences of not embracing proactive measures to counter them are no less daunting.

In “Lock Up Your Data” on Page 9, doctoral candidate and hack researcher Kris Erickson delivers some telling statistics about hacking on campus. For starters, U.S. colleges and universities had 166 incidents of data loss between 2000 and 2006.

So how can you fortify your defenses and mitigate these risks so that information is more secure? In this issue of EdTech: Focus on Higher Education we illuminate strategies and insights from experts who face this challenge on an everyday basis. The oxymoron in all of this is difficult to miss: The higher education environment is intended to promote the free- flowing exchange of ideas, yet safeguards must be put in place to restrict access to certain types of data.

“We’re always trying to balance access and security,” says Lori Temple, vice provost for IT at the University of Nevada at Las Vegas, in “Can You Hack It?” on Page 16. Using a best-practice approach to security, Temple advises developing a set of policies and checklists and focusing on protecting the most sensitive data, such as Social Security numbers and university grant information. Education is also a key component. The “think before you click” campaign warns students about potentially harmful attachments and suspicious e-mail.

At the University of Maryland, the Office of Information Technology has formed a unit to stress the importance of responsible IT practices, aptly named Project NEThics. In “The Human Side of IT Security” on Page 45, Brian W. Markham discusses the role that the unit plays on campus, including educating students on how to protect themselves against attacks and what to do if they become victims.

Educational outreach at both the University of Nevada at Las Vegas and the University of Maryland is time well spent. University of San Francisco vice president for IT and CIO Tracy Schroeder underscores that the hacking problem not only hits home but also frequently originates there. “Our most significant hacking attempt is from the inside from ambitious students who want to test the university,” she says.

Chris Christiansen, IDC security analyst, recommends implementing a strict network access control policy for students. This policy would require students “to load a client supplied by the university that contains antivirus and personal firewalls that can also contain a way for the university to check whether the student’s machine and online behavior is compliant with the university’s proper use and policies.”

Whatever approach you take to educating students and crafting effective policies, by engaging in these activities, you are strengthening your defense, brick by brick, and building a stronger fortress on your campus.


52% of breaches at higher education institutions in 2006 were caused by hackers.

SOURCE: Privacy Rights Clearing House