Number of data-security incidents increase
Eastern has seen an increase in its number of data-security incidents since last year.
Chat Chatterji, assistant vice president for Information Technological Services, said the university experienced a slight increase in the number of data security incidents from 2006 to 2007. These incidents involved theft or human error, he said.
Last year problems arose during conversion from the university’s old administrative system to the new system, Banner.
A national study done by Adam Dodge, assistant director for information security, found the number of universities reporting security incidents last year increased by almost 70 percent from 2006.
Dodge said several different factors could have contributed to this increase. More media attention or increased efforts by universities to discover security issues could have lead to the spike in reported incidents, Dodge said.
“The fact is that with a limited time frame and the relative immaturity of mandatory reporting laws, it is impossible to say if the increase shown between 2006 and 2007 was the result of an increased awareness or an increase in actual attacks,” Dodge said.
The Educational Security Incidents study was compiled based on two years of data.
Dodge added Eastern has only had one incident in his report.
He said Eastern suffered a security breach last year when a university computer was stolen from an on-campus office. The computer contained sensitive information on 1400 Eastern students.
“The incidents did expose Social Security numbers,” Chatterji said. “Typically though, when this happens, the exposed information is only seen by users who are authorized to use the administrative system.”
Eastern uses centralized systems, such as Banner and WebCT, to store information on staff and students. Dodge said this could help reduce the number of data-security issues.
“Utilizing such information removes the need to store sensitive information on workstations and laptops, thus greatly reducing the chance that sensitive information will reside on a computer in the even that it is stolen,” Dodge said.
Although personal information has been revealed because of human error and theft, Chatterji said the university has not seen any successful cases of hacking.
There are multiple security measures in place at Eastern to protect the university’s systems from being hacked.
However, Chatterji said attacks could still happen.
“If there were to be such an incident, the systems do keep logs of who did what and when,” he said.
Monitoring of Eastern’s network has shown unprotected computers become vulnerable to virus attacks, which is why the university uses the Cisco Clean Access Agent. The software helps residents get up-to-date software patches and anti-virus protection on their computers.
The software was implemented in 2005 to help ensure security for on-campus students.
“These so-called viruses, rather than just being physically destructive to hard disks as they used to be when (hacking) was a fashionable thing to do, nowadays typically contain a ‘bot’ that looks for e-mail addresses and personal information,” Chatterji said.
The student handbook states those who do try to hack the university’s system will face internal judicial measures and possibly civil measures, depending on the severity of the incident.
Chatterji said a student was arrested a few years ago for trying to install a key logger on a computer in an on-campus lab.
Nationally, employee mistake outnumbered hacker incidents 2 to 1 last year.
This may be because many universities have programs and systems in place to ensure network security. Dodge said hackers have to get through many layers of security in order to access internal information.
Although Eastern has not seen any security incidents because of hacking, Chatterji said students should keep their passwords private and update computer and anti-virus software regularly to reduce the risk of their personal information being exposed.
Students should also be aware of what websites they download multimedia from.
“Many Web sites offering free video downloads are anything but free,” Dodge said. “Many of these videos, and even some of the websites, contain viruses and other malware that could allow a person to take over your computer for nefarious reasons.”
Barbara Harrington can be reached at 581-7942 or at bjharrington@eiu.edu.