Campus Network Risks Leave Students Vulnerable

More than 3 million students could be at risk, according to CDW Government, Inc. and Eduventures, which reported Tuesday that IT security continues to be a major concern on college campuses.

"Our higher education institutions have always placed a high value on protecting the safety of their students, faculty and facilities. Today, that extends into protecting an ever-expanding volume of personal and institutional data, as well as a growing number of networked devices, from increasingly sophisticated security threats," Julie Smith, director of higher education for CDW-G, said through a prepared statement. "Our second annual survey found that while higher education IT directors recognize IT security as a major priority, they are stretched thin for the vital resources they need to prevent a devastating loss of critical data."

Eighty-four percent of respondents said IT security was a one of their top five priorities, while less than half said that college administrators do not make IT security a high priority. IT directors and managers cited lack of funds and limited resources as the major barriers to improving campus IT security.

The CDW-G Higher Education IT Security Report Card 2006 shows that only 11 percent of respondents said their networks are very safe from attack, while most respondents said their top concern centers on sensitive data stored on unprotected computers.

IT directors and managers gave administrators a "B" for IT security support, with 93 percent of respondents stating that executive administrators are supportive or extremely supportive of security initiatives. However, the group lacked sufficient financial commitment, according to the report card. Ninety-seven percent of respondents said that 25 percent or less of their IT budgets go toward security, and 81 percent said they do not get enough money for security. Sixty-eight percent reported no increase in IT security funding this year, compared to last year.

Faculty and students earned a "C," mainly for "lack of awareness." Twenty-eight percent of respondents said faculty "were not supportive" of IT security initiatives, and 31 percent of respondents said students "were not supportive." Respondents also said that a major roadblock to IT security is that students disregard rules or policies.

"Part of the perceived lack of support on campus can be attributed to the fact that computer users are not aware of IT security policies," Catherine Burdt, an Eduventures senior analyst said through a prepared statement.

CDW-G said college departments should initiate dialogues on presenting formal business cases to seek increased funding. Those would include examining the cost of a major security breach -- including downtime, technology, employee hours, communications and legal action.

Colleges also should improve policies regarding authorization and access to reduce external threats, manage and monitor the increasing number of devices linking to their networks and consider investing in technologies for access control, according to the report. They also should increase funding for security training and awareness and mandate training for all network users, according to CDW-G.

CDW-G surveyed 182 IT directors and managers from small and large campuses throughout the United States. It stated that the report's margin of error is +/- 5.5 percent, with a 90 percent confidence level.