Report: 50% of colleges, universities transmit sensitive information over unprotected email
07 August, 2013
category: Education
HALOCK Security Labs recently conducted an investigation that found that this back-to-school season to be the ideal time for data thieves to steal personal and financial information from students and parents.
The cyber security firm sampled 162 institutions in the United States and found that more than 50% of colleges and universities enable the transmission of sensitive information over unencrypted email. Furthermore, 25% advised applicants to send personal information – including W2’s – via unencrypted email to admissions and financial aid offices.
The HALOCK investigation found unsecured data transmission via email is suggested or offered as an option in collegiate institutions located in California, Colorado, Connecticut, Florida, Idaho, Illinois, Iowa, Indiana, Kansas, Louisiana, Massachusetts, Michigan, Minnesota, Mississippi, New Jersey, New York, North Carolina, Ohio, Pennsylvania, Texas, West Virginia and Wisconsin.
Universities are prime targets for hacker attacks and attempts at breaches happen daily. In recent news, the University of Wisconsin cited that hackers are attempting to breach the university up to 100,000 times per day. Not only do universities maintain student and parent private information, they are also hubs for intellectual property and ground-breaking research – a rich target for hackers.
HALOCK affirms, universities should not offer unencrypted email as a method of collecting student applicant information. A variety of solutions exist, including secure web portals and other secure transport architectures.
Also, parents should insist on a secure electronic transport mechanism that is encrypted or they should deliver documents in-person, through fax or certified mail. Parents should also request information regarding the university’s policy on protecting private information often referenced as the “Information Privacy Policy” or the “Privacy Statement.”