University Data Breaches Underscore Need for Employee Security Training
Three universities recently reported security breaches that
compromised student and faculty private data. While unrelated, these
incidents underscore the importance of educating employees about the
security implications of accidentally misplacing data.
Nine lists containing personal information on
6,030 students were leaked online by a Missouri State University
employee in November 2010, but the breach was not identified until Feb.
22, wrote Kevin Shwaller of OzarksFirst.com.
The university had created lists of students who’d
studied at the College of Education at MSU between 2005 and 2009 to
submit for accreditation approval, according to the March 3 article.
The lists contained names and Social Security numbers, the university
said.
Although the list was supposed to be uploaded to a
secure server accessible only to university personnel as part of the
accreditation process, it ended up on an insecure server, exposing it
to the Google spiders indexing the Web, the university said. The MSU IT
team is currently working with Google to remove all leaked lists from
the search engine’s indexes, the university said.
Organizations usually have 60 to 120 days to approach a breach. In this case, MSU acted very promptly.
Employees don’t understand the risks of
mishandling sensitive information, Geoff Webb, director of product
marketing at Credant Technologies, told eWEEK. While training on what
to do with data is important, users need to think about security all
the time, and not just as a “check-box item” to address once a year, he
said.
It’s an education problem, Josh Shaul, CTO of
Application Security, told eWEEK. For example, if a laptop with
sensitive information is lost, employees think of it in terms of a lost
computer and not as a corporate data breach, he said. They don’t
realize there’s no difference, he said.
That is similar to what happened at South Carolina’s Midlands Tech,
where a contractor walked off with a flash drive containing personal
information on employees. Even though the drive was returned
immediately and the university doesn’t think anyone actually used the
information, the university will still pay for credit monitoring for
concerned employees, said Todd Gavin, a Midlands Tech spokesperson.
Employees need to think about security as they walk around with terabytes of storage in their pocket, Webb said.
As for the MSU incident, there were “23 hits” on
pages containing the exposed student data, and “every one of these hits
was from residential type areas that we could determine,” said Jeff
Morrissey, an MSU spokesman.
All but six students have been notified of the
breach; the university was still searching for an address, phone
number or e-mail address for those six, Morrissey said. MSU has notified the
Missouri Attorney General and has taken disciplinary action against the
employee who posted the lists.