Quantcast
  

Friday, April 18, 2014         

OUR VIEW | ONLINE PRIVACY


 Print   Email   Comment | View 0 Comments   Most Popular   Save   Post   Retweet

Fund UH data security, pronto


POSTED:



Online security breaches that exposed Social Security numbers and other sensitive information at the University of Hawaii have revealed a need for improved record security. The decision by UH officials and state legislators should not be whether to install a needed system quickly, but how to pay for it. Failing to do so would be pound foolish.

Personal information of about 40,000 UH students and faculty was compromised last October when a faculty member uploaded material to a server he thought was private. The mistake prompted a class-action lawsuit a month later. In the past seven years, nearly 260,000 private records held by the university have been inadvertently released — an appalling track record that earned UH a grade of "F" for online security breaches from The Liberty Coalition, a nonprofit civil liberties watchdog group.

Legislators were informed this week that $1.9 million is needed to tighten UH's systemwide Web security, and an additional $764,000 a year would be necessary to keep the upgraded system operational. Any such improvement would necessarily involve all 10 of the UH campuses.

UH is not alone among colleges and universities coping with the problem that they have been slow to address. An open academic environment has conflicted with the need to protect sensitive information and generally deal with security issues, as students and professors absorb themselves with public and private computers.

"Accounts are left open, computers are left logged on and data can be easily lost amid the day-to-day shuffle," explained a report last year by Application Security Inc.

As a result, the report noted, colleges and universities nationwide have experienced 158 data breaches resulting in more than 2.3 million reported records compromised since 2008.

It's a dismally lax environment ripe for cyber-theft, one in which UH and other institutions must take seriously and tighten.

The national economic downturn has resulted in budgetary tightening, causing higher institutions to balk at addressing the problem. Only half of them planned last year to fix their systems, even though breaches threaten to create even more expensive predicaments.

The Ponemon Institute research center reports that data breach incidents cost organizations $204 per compromised customer in compensation and attorney fees in 2009. At that rate, last year's UH breach alone could cost UH a whopping $8 million plus in legal defense spending.

David Lassner, the university's vice president for information technology, told state senators UH might free some money through greater centralization to pay for the improvements, but he has yet to find a source for the full amount needed.

Budgetary concern may be the main reason why some colleges and universities are putting off installation of improved database security, but they are making a mistake that is likely to backfire.

Another key component in tightening online security is a non-monetary one that must also occur: stringent protocols, training and awareness among information users about the crucial nature of Web security.

UH should recognize that the astronomical cost of compensating victims of a breach should require prompt installation of an effective system as part of the university's essential needs.






 Print   Email   Comment | View 0 Comments   Most Popular   Save   Post   Retweet

COMMENTS
(0)
You must be subscribed to participate in discussions
By participating in online discussions you acknowledge that you have agreed to the TERMS OF SERVICE. An insightful discussion of ideas and viewpoints is encouraged, but comments must be civil and in good taste, with no personal attacks. Because only subscribers are allowed to comment, we have your personal information and are able to contact you. If your comments are inappropriate, you may receive a warning, and if you persist with such comments you may be banned from posting. To report comments that you believe do not follow our guidelines, email commentfeedback@staradvertiser.com.
Leave a comment

Please login to leave a comment.
IN OTHER NEWS