Universities Expose Students’ Personal and Financial Data To Risk
A cyber-security firm’s new study found college students’ personal and financial information is jeopardized by many universities, as they allow students to send such data through unsecured, unencrypted emails easily read by identity thieves.
The College Fix analyzes the troubling report:
At least one tech expert dismissed the survey as somewhat unimpressive, saying unless students are sending credit card numbers via unsecured email then what’s more important is what happens to that email filled with personal and financial data after the university receives it.
But other tech experts emphasized unencrypted email should not be dismissed.
The cyber-security firm HALOCK Security Labs noted in its research that it “sampled 162 institutions … and found 41 that encouraged scanning and emailing unencrypted documents. The sample included Big 10, Big 8, Ivy League, community colleges and technical institutes and found security transgressions in all sectors.”
“When universities utilize unencrypted email as a method for submitting W2s and other sensitive documents, the information and attachments are transmitted as cleartext over the Internet. This format is susceptible to hackers and criminals who can use this private information for identity theft,” says Terry Kurzynski, partner at HALOCK Security Labs.
The … investigation found unsecured data transmission via email is suggested or offered as an option in collegiate institutions located in California, Colorado, Connecticut, Florida, Idaho, Illinois, Iowa, Indiana, Kansas, Louisiana, Massachusetts, Michigan, Minnesota, Mississippi, New Jersey, New York, North Carolina, Ohio, Pennsylvania, Texas, West Virginia and Wisconsin. …
Universities are prime targets for hacker attacks and attempts at breaches happen daily. In a recent New York Times article, the University of Wisconsin cited that hackers from China are attempting to breach the university up to 100,000 times per day. …
The company recommends parents “insist on a secure electronic transport mechanism that is encrypted or they should deliver documents in-person, through fax or certified mail.”
In interviews with CIO.com, a tech magazine and website that reported on HALOCK’s survey, it was noted that “universities typically place in industry comparisons as some of the riskiest places for sensitive data … even at a schools with university-wide policies requiring encryption of sensitive data, it can be tough to run a secure ship.”
STUDY: Universities Expose Students’ Personal, Financial Data To Risk (The College Fix)