Hackers turn attention to American universities - The News Record: Science And Technology Issue

June 3, 2015

Hackers turn attention to American universities

Posted: Tuesday, March 4, 2014 10:42 pm | Updated: 10:34 am, Wed Mar 5, 2014.

Recent data breaches at some of America’s largest higher education institutions are highlighting the vulnerability of students’ and faculty’s private information — and the constant threat universities across the country face.

“Unfortunately, every organization in the world is vulnerable and is at a risk of being breached by a hacker or group of hackers,” said Bogdan Vykhovanyuk, associate director of UCIT information security.

At the University of Cincinnati, private information — including students’ names, Social Security numbers, addresses, dates of birth, phone numbers and Bearcat Card information — is in danger of being illegally accessed on a daily basis.

Every day, UCIT security systems intercept 1.5 million threats before they enter the university’s network, Vykhovanyuk said. He and four other specialists are tasked with preventing potential breaches.

“The UCIT office of information security focuses on protecting the data, as well as planning for cyber incident response focused on identification, containment and eradication of a real or potential information security breach. Information security is not only about protecting the data, but also about being ready to respond and minimize exposure when a data breach occurs.”

Recently, hackers have been targeting universities around the country, forcing many higher education institutions to reevaluate their security standards.

If accessed, university databases can provide hackers with important personal information about students, faculty and staff.

Exposed Social Security numbers can lead to identity theft, and ruined credit for the victims, making it harder to obtain car or home loans after graduation.

Student Bearcat Cards linked with bank accounts, if hacked, could result in significant financial losses.

“Do I worry about this? Oh yeah, all the time because the University of Cincinnati is a big organization. If you do 43,000 students, the employees and the other groups that we touch it’s a big responsibility,” said Nelson Vincent, vice president for Information Technology and chief information officer.

University firewalls across the country have crumbled due to hacker attacks, exposing personal information belonging to students, faculty and graduates.

In February, the names, addresses and Social Security numbers of 146,000 Indiana University students may have been exposed and accessed illegally. Earlier in February, the records of 309,000 University of Maryland students, graduates and employees were hacked.

As technology continues to evolve, so does the need for ways to protect against hackers, who constantly adapt to the latest in firewall and data encryption technology.

“Protecting data is critical in the 21st century and it will take many different disciplines and expert areas to figure out how we interact with this technology securely and efficiently simultaneously,” said Richard Harknett, UC political science department head. “Too often we trade off security for convenience and we need to explore new ways to eliminate that trade off.”

Harknett — a member of a state council tasked with providing recommendations and strategies to improve online safety — said the security threat is a nationwide problem.

“My main concern over cybersecurity is not specific to Ohio, but the vulnerability of the digital infrastructure as a whole. Federal capacity to protect digital aspects of critical infrastructures, promote jobs and education in the cybersecurity area have been underwhelming and thus action at the State and local level is very appropriate,” Harknett said.

There are numerous statutes addressing various aspects of cybersecurity, but there is no overarching framework legislation, which puts pressure on states and local institutions to enact and enforce their own data security standards, which are often lacking.

There hasn’t been a security breach in the UCIT centrally managed system in five years, Vykhovanyuk said. However, there have been numerous limited non-central breaches.

To combat these and other threats, UCIT utilizes multiple platforms. The office of information security (OIS) habitually scans UC-owned computers connected to the university’s network for vulnerabilities and weaknesses. OIS then notifies IT administrators about security concerns.

They also implement intelligent firewalls, intrusion prevention technologies, and anti-spam technologies that block 90 percent of spam.

However, there is always room for improvement.

The university’s current student information system (SIS) is out of date, running on software that was originally created in the 1970s.

“The information system is one of the things that’s critical when you talk about all the information and data that’s in a student information system,” said Nelson Vincent, vice president for Information Technology and chief information officer.

The SIS compiles and facilitates data ranging from grades to financial aid. The current system does not meet the “demands for functionality, usability, capacity and accessibility by students, staff and faculty,” Vincent said.

A $46 million investment is going toward building a new system developed by PeopleSoft, a software company that focuses on management systems.

UCIT will also hire two additional security employees as part of the SIS upgrade. The number of people working full time in information security will increase from five to nine.

“It’s a big opportunity to realign our architecture and frameworks,” Vincent said. “PeopleSoft is a much newer system with much newer architecture and it allows us to review everything we do.”

The new SIS will drastically improve data security and help smooth the process of registering for classes as well as improve online campus services as a whole.

A lingering concern Vincent has is the security of individual mobile devices such as smartphones, tablets or laptops. These devices require extra security layers that are difficult to engineer. It is important to have strong security measures in place because mobile devices and web portals are often traditional gateways for hacking.

“The security discussion is almost every day,” Vincent said. “It’s on everyone’s mind; it has all our attention.”
