Higher ed applicant data at risk

Many universities aren't adequately protecting the personal data of their applicants.

Many higher education institutions have gone increasingly digital in recent years in order to streamline the applications process. This practice benefits students, who can keep up to date on key deadlines, submit the pieces of their applications to their school online and track the status of their submissions. Many students now apply to more than 10 schools and sometimes closer to 20, as admittance is highly competitive, so digital submissions can relieve any anxiety and confusion regarding the status of their applications. The policy also offers myriad advantages for school officials, who can store student information more easily, share applications between members of the admissions committee and save on costs during what can be a highly expensive process.

However, digital interfaces also pose data risks, and there are indications that universities aren't doing nearly enough to make sure that applicants' information is safe. As many more students apply than get accepted for most schools, poor security practices could be putting the confidential information of thousands of students and their families at risk. Many universities have not upped their software layered security or cyber protection even though they increasingly conduct business digitally. Admissions committees are usually populated by professors and school officials who have little cybersecurity knowledge or concern for best practices, as well as work study students and temporary technical assistance that might not be sufficient enough to protect the institution's interests. At the same time, compromised data could mean severe financial losses or bad press for a university in an arena where budgets and reputation are always of premium importance.

Many universities lack policies
A recent study on digital protection for university applicants found that many institutions are leaving data open to breaches. Out of 162 surveyed institutions, half allowed applicants to send confidential information over unencrypted emails. Swiping information between end points has been particularly successful for hackers. Additionally, one quarter of the schools surveyed mandated that applicants send personal information over unencrypted email to admissions committees and financial aid officials. This personal information included W2s, Social Security numbers and family financial data. The security firm that conducted the study neglected to disclose names, but did state that the survey looked at Big 10, Big 8 and Ivy League universities, as well as technical institutes and community colleges. Analysts who conducted the study commented that many higher ed institutions took a reactive approach to their computer security, only establishing new defense systems following an incident.

Scott Cornell

When he’s not knee deep in blogging and all things tech, Scott spends his free time playing ultimate Frisbee and watching foreign films. An expert in emerging tech trends, Scott always has his ear to ground for breaking news related to IT security.