Protecting Sensitive Data
Since 2005, the Privacy Rights Clearinghouse (PRC) has worked to document how technology affects individual privacy and to educate consumers on how to protect their privacy. The PRC also collects information on verifiable data breaches in the United States and the number of records containing PII (Personably Identifiable Information) exposed in those breaches.
As of April 25, 2014, the PRC Chronology of Data Breaches had documented 4,257 data breaches in the United States involving at least 867,217,832 records from all industry sectors, including but not limited to education. The PRC data-base includes 727 breaches involving educational institutions that were made public in 2005–2014, involving more than one million breached records.
Statistically speaking, college students and faculty tend to spend significantly more time on the web than average, mak-ing them prime targets for malware exploits. What happens if one of these individuals visits a site that’s loaded with malicious software, malware that could take over a student’s or even an administrator’s computer?
That’s apparently what happened to the controller’s computer at the University of Virginia. According to reports, thieves stole a million dollars from the University of Virginia after compromising the computer belonging to the univer-sity's controller. A virus intercepted online banking credentials for the university's accounts at BB&T Bank, and initiated a single fraudulent wire transfer in the amount of $996,000 to the Agricultural Bank of China.
College students are known to be among the most avid users of social networking sites. And by its nature, social net-working frequently leads to the sharing of personal information. Phishers have recognized this and attempt to exploit these factors, making for an alarming risk when students surf Facebook or Twitter.
Phishers are looking to these sites to collect credentials such as names and password information from university stu-dents. The cyber criminals then use this data to create botnets used to facilitate malicious activity including spamming or denial of service (DoS) attacks. Although used differently, both target large groups of individuals who are typically willing to share personal information and trust online links—a.k.a. college students at social networking sites. Research data shows a steady climb in phishers utilizing social networking sites to lure in their victims.
One critical security threat that is often unique to university and college networks is related to the use of P2P software. File sharing and P2P software were designed to facilitate exchange of music, movies, videos, and other files over the Internet, and are clearly a big hit with student populations. But malicious software like viruses, worms and trojans are regularly distributed using these same P2P applications.
Some of the P2P programs themselves also contain "spyware." This allows the author of the program, and other net-work users, to see what the user is doing, where they’re going on the Internet, and even to use that computer's re-sources without their knowledge. Malicious individuals also target these P2P networks, routinely issuing searches to gain access to customer credit cards, Social Security numbers, medical and financial details, network login passwords and more.
In higher education, the largest proportion of the reported breaches fall into the hacking/malware classification (36%).These are breaches where an outside party accessed records via direct entry, malware, or spyware.
30% of the reported breaches were the result of unintended disclosure, where sensitive information was inadvertently made publicly available on a website or sent to an unintended recipient via e-mail or fax. 17% of the reported breaches were due to the loss of a portable device, such as a lost or stolen laptop or memory device.
As of April 25, 2014, the PRC Chronology of Data Breaches had documented 4,257 data breaches in the United States involving at least 867,217,832 records from all industry sectors, including but not limited to education. The PRC data-base includes 727 breaches involving educational institutions that were made public in 2005–2014, involving more than one million breached records.
Statistically speaking, college students and faculty tend to spend significantly more time on the web than average, mak-ing them prime targets for malware exploits. What happens if one of these individuals visits a site that’s loaded with malicious software, malware that could take over a student’s or even an administrator’s computer?
That’s apparently what happened to the controller’s computer at the University of Virginia. According to reports, thieves stole a million dollars from the University of Virginia after compromising the computer belonging to the univer-sity's controller. A virus intercepted online banking credentials for the university's accounts at BB&T Bank, and initiated a single fraudulent wire transfer in the amount of $996,000 to the Agricultural Bank of China.
College students are known to be among the most avid users of social networking sites. And by its nature, social net-working frequently leads to the sharing of personal information. Phishers have recognized this and attempt to exploit these factors, making for an alarming risk when students surf Facebook or Twitter.
Phishers are looking to these sites to collect credentials such as names and password information from university stu-dents. The cyber criminals then use this data to create botnets used to facilitate malicious activity including spamming or denial of service (DoS) attacks. Although used differently, both target large groups of individuals who are typically willing to share personal information and trust online links—a.k.a. college students at social networking sites. Research data shows a steady climb in phishers utilizing social networking sites to lure in their victims.
One critical security threat that is often unique to university and college networks is related to the use of P2P software. File sharing and P2P software were designed to facilitate exchange of music, movies, videos, and other files over the Internet, and are clearly a big hit with student populations. But malicious software like viruses, worms and trojans are regularly distributed using these same P2P applications.
Some of the P2P programs themselves also contain "spyware." This allows the author of the program, and other net-work users, to see what the user is doing, where they’re going on the Internet, and even to use that computer's re-sources without their knowledge. Malicious individuals also target these P2P networks, routinely issuing searches to gain access to customer credit cards, Social Security numbers, medical and financial details, network login passwords and more.
In higher education, the largest proportion of the reported breaches fall into the hacking/malware classification (36%).These are breaches where an outside party accessed records via direct entry, malware, or spyware.
30% of the reported breaches were the result of unintended disclosure, where sensitive information was inadvertently made publicly available on a website or sent to an unintended recipient via e-mail or fax. 17% of the reported breaches were due to the loss of a portable device, such as a lost or stolen laptop or memory device.