At George Mason University, all it took was one determined hacker to compromise the sensitive information — Social Security numbers included — of more than 32,000 students. One man. No weapons, no force — all of the damage was likely done in the confines of a bedroom with a desktop computer or a laptop. GMU officials then learned that they had actually been attacked in November, two months earlier, and students’ information may have had several weeks to fall into the hands of identity thieves.
University students learned yesterday that we could be susceptible to similar attacks. In the past, this university has been lauded as one of the most wired in the nation. The Office of Information Technology has routinely done a good job equipping students with up-to-date technology, but now the university must make sure OIT has all the resources it needs.
A report from the university’s Information Technology Committee found that sensitive student information stored on the university’s computers may be at risk, and that if a disaster were to damage campus technology, the university does not have a plan in place to recover information. University administrators must move now to direct funds and personnel to solve these potentially disastrous problems.
If the university needs evidence about why computer security is essential, the experience of George Mason University offers a great example. Though this university’s officials are working to cut the use of Social Security numbers, it is still the prime means of identification for most students. It is only time before a hacker (who could even be a university student) is able to access a great deal of student information. That scenario would cost far more in headaches and legal trouble than supplying the funds to prevent it.
Ditto for a university information recovery plan. Something as simple as an electrical outage could disrupt campus operations for weeks because the university does not yet know how it will recover information lost in the event of a technological disaster.
Despite an increase in state funding, money is still tight at the university. But over the last few years, the student technology fee has had a surplus of dollars because of a lack of approved projects on which to spend the money. The university should take the initiative now to use at least a portion of those dollars for computer security. If the university’s computers are vulnerable to attack, none of the other projects that are funded by the student technology fee will matter.
