A Quarter of Higher Ed Transmits Unencrypted Student Data

Should colleges and universities be insisting on the use of encryption for the transmission of sensitive information among its student applicants? That's what one security firm is recommending after doing an informal audit of 162 American institutions, including schools that are part of the Big 10, the Big 8, the Ivy League, community colleges, and technical institutes. Halock Security Labs reported that 41 of the institutions sampled "encouraged scanning and emailing unencrypted documents."

According to the company, unencrypted data transmissions between applicants and the admissions or financial aid office can place the personal information of students and parents at risk. Encryption calls for the use of special software that scrambles data, converting it to a format that can only be read by somebody with a unique key. Princeton University, for example, has a policy of requiring that all "eligible" faculty and staff laptops have software installed to do automatic encryption.

"When universities utilize unencrypted email as a method for submitting W2s and other sensitive documents, the information and attachments are transmitted as cleartext over the Internet. This format is susceptible to hackers and criminals who can use this private information for identity theft," said Partner Terry Kurzynski.

Figuring out whether a Web page supports encryption is a simple process. If the URL begins with "https://" and the user's browser shows a closed lock, the site is using encryption between the browser and its server. If the Web page begins with "http://" and the browser shows an open lock, nothing done through that page is encrypted.

Many public and private institutions use The Common Application, a secure service that handles first-year and transfer applications.

Halock spokespeople declined to provide the names of schools it had found that failed to encrypt admission or financial aid information. However, a quick search uncovered one multi-campus institute of technology and an Iowa community college that provided admissions forms that weren't encrypted. The former accepted name and contact information; the latter also asked for a Social Security number, birth date, and a number of other personal details.

The topic of encryption is gaining more attention as the number of cyber-attacks on campuses appears to be increasing. Recently, for example, Stanford University acknowledged that it had been investigating a data breach in its IT infrastructure and requested that all users on the network change their passwords.

According to an article this week in The New York Times, research universities especially are facing "millions of hacking attempts weekly." Many of the attacks are coming from China, according to the reporting. And higher education is a target, suggested the article, because of the value of the research taking place in those environments.

At the same time, colleges and universities are suffering just a fraction of the breaches faced by government, military, and private sector organizations, according to a new visualizer that examined worldwide breaches over the last nine years.

To counter the problem of unsecure data falling into the wrong hands, Halock suggested that families of applicants "insist" on an electronic transport mechanism that is encrypted or deliver documents in person or through fax or certified mail. The company also encouraged colleges and universities to do a better job of encouraging applicants not to use public contact email addresses to send private information.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • glowing brain, connected circuits, and abstract representations of a book and graduation cap on a light gray gradient background

    Snowflake Launches Program to Upskill 100,000 People in Data and AI

    Cloud data platform Snowflake is embarking on an effort to train and certify more than 100,000 users on its AI Data Cloud by 2027. The One Million Minds + One Platform program will provide Snowflake-delivered courses, training materials, and free access to Snowflake software, at no cost to learners.

  • Two shadowy figures sit at computers with glowing screens, surrounded by floating digital codes in a dark, high-tech environment

    Reports Note Increasing Threat of Nation-State-Sponsored Cyber Attacks

    A bevy of new cybersecurity reports point to the continuing problem of nation-state-sponsored threat actors. The primary culprits have long been Russia, China, Iran, and North Korea, which all show up in recently published reports from Microsoft, IBM, Tenable, and Fortinet.

  • glowing AI text box emerges from a keyboard on a desk, surrounded by floating padlocks, warning icons, and fragmented shields

    Study: 1 in 10 AI Prompts Could Expose Sensitive Data

    Nearly one in 10 prompts used by business users when interacting with generative artificial intelligence tools may inadvertently disclose sensitive data, according to a study released by data protection startup Harmonic Security Inc.

  • a glowing golden coin with a circuit board pattern, set against a gradient blue and white background with faint stock market graphs and metallic letters "AI" integrated into the design

    Google to Invest $1 Billion in AI Startup Anthropic

    Google is reportedly investing more than $1 billion in generative AI startup Anthropic, expanding its stake in one of Silicon Valley's leading artificial intelligence firms, according to a source familiar with the matter.