Most campuses report security breaches

The majority of higher education managers experienced at least one information technology security incident last year and one-third reported a data loss or theft.

Those are among the findings of the second annual Higher Education IT Security Report Card, which CDW-Government released this week. The report is based on a survey of 182 higher education IT directors and managers nationwide.

Fifty-eight percent of those respondents reported at least one security incident last year. In addition to the 33 percent reporting data loss or theft, 9 percent of the IT managers encountered data loss or theft of student personal information.

Managers cited lack of funding and insufficient staff resources as the biggest barriers to improving campus security, said Julie Smith, director of higher education at CDW-G.

Another issue is academia’s tradition of openness.

Stan Gatewood, chief information security officer at the University of Georgia, said universities have technology, throughput and bandwidth on par with corporate America but also possess a culture of freely flowing information.

“That is what makes us a target-rich environment,” Gatewood said.

University administrators earned a B, with 93 percent of the IT managers surveyed describing executive administrations as supportive to extremely supportive of IT security measures.

Faculty and students earned Cs, however. Twenty-eight percent of respondents described faculty as unsupportive of IT security measures. Thirty-one percent of students also received the unsupportive label. Respondents cited lack of awareness and a “disregard of rules/policies” as major obstacles.

Gatewood said security awareness training and education provide the best return on investment in security.