Click here to receive your FREE subscription to Campus Technology
Data Security
Peace (of Mind) in Our Time
10/1/2007
“It’s a safe bet that figure is similar in higher ed,” says Ed Golod, president of Revenue Accelerators, a technology consulting firm in New York. “Universities are the most unwired organizations in the world. So it’s hardly surprising when laptops, notebook computers, and other mobile devices are used outside of the office—and wind up disappearing.”
PEOPLE ARE STILL YOUR BEST DEFENSE
WHAT’S THE WEAKEST LINK in your university’s security architecture? The answer often has little to do with technology, and a whole lot to do with people. Certainly, a hacker can probe your network for weak links. But in many cases, hackers use “social engineering” techniques to trick people into sharing passwords and other confidential information.
Take the case of Kevin Mitnick, a convicted hacker who spent much of the 1990s breaking into highly secure networks from Sun Microsystems, Motorola, and other technology companies. While Mitnick was a skilled technician, he also spent a considerable amount of time working the phones pretending to be company employees who had lost their passwords. On several occasions, Mitnick even tricked network administrators into sending or revealing password information. How can schools keep their campus communities from falling prey to such determined hackers and their techniques?
In order to combat social engineering, universities should remind students, staff, and faculty to:
- Never share or write down password information.
- Never communicate confidential information over the phone, or via e-mail or any other communication system.
- Always confirm the identity of callers who are seeking confidential information that you handle.
Still, losing a notebook often isn’t the real problem. Of greater concern is recovering— or at least protecting—databases, Excel spreadsheets, and other types of confidential information residing on the systems. That’s where encryption software enters the picture. In a typical scenario, encryption software scrambles data so that they can’t be read by probing eyes. The encrypted data could reside in a server database, or on a desktop or notebook, and can only be decrypted by the appropriate software “key.”
Yet, in the 1990s, most encryption software placed too much “overhead” on hardware and software, slowing down systems and impeding productivity on servers, desktops, and mobile computers. “The very people who expected to benefit from encryption wound up complaining that it either was too complicated, too slow, or too expensive to deploy campuswide,” recalls Golod. But the times they are a-changin’. Faster hardware coupled with improved encryption software has set the stage for broad adoption of encryption technologies. Baylor, for one, has embraced PGP’s Whole Disk Encryption technology (www.pgp.com) to protect data stored on its desktop and laptop computers, along with the PGP Universal Server for centralized management of its encryption applications.
Recommended Reading
- CT Industry
- CT Solutions
- Cut to the Core
- DAM-ing the Digital Flood
- Get The Word Out
The market’s teeming with products to help you alert your campus community on any number of fronts. Now you just have to pick the right ones and get everyone signed up.
- Thwarting the Copycats
New tools are helping colleges and universities counter burgeoning paper mill sites, pervasive internet content, and persistent student ingenuity.
