In February 2014, a Drexel employee in the Steinbright Career Development Center accidentally released the student ID numbers and other information of over 5,000 students. The employee attached the wrong attachment to an email that went out to several hundred students, and the damage was done. Students were shocked and pushed for answers from the University, and everyone whose information was disclosed had to be assigned a new ID number. This was annoying, especially for upperclassmen who had to memorize a new ID number a few months before graduation.
Although this situation ultimately amounted to just an inconvenience, the release of information online often can have far greater consequences. Sometimes information is shared through human error, as in the above case, but sometimes private information is obtained before we even know it. We often forget how much we share online — our credit card numbers, our social security numbers, confidential emails or data — and unless we take appropriate precautions, this information is vulnerable to cybercrime.
Recently, the University announced that they have taken the next step in the technological arms race against cybercriminals and adopted a four-step data security initiative. In the first step, already completed, the IRT installed anti-virus and security software on Drexel computers. The second step involves the installation of an encryption tool that will automatically encrypt information on a computer so that it can’t be accessed by cyber-thieves even if the computer is stolen. The following steps involve securing and encrypting portable devices connected to Drexel mail servers and introducing an email data loss system. The email system prevents accidental data leaks like that of students’ ID numbers by scanning an email for confidential information and asking the user to confirm whether or not she wants to share this information.
This is crucial, especially after the SCDC debacle earlier this year. We are happy to hear that the University is taking measures to protect our educational and personal information, which will lower the chances of Drexel facing an even larger information breach.
Large information breaches are one of those things that we think we’re safe from until it happens to us — it is all too easy to fall into a mentality of “that will never happen to me.” While these new measures demonstrates Drexel’s effort to protect its students, we also need to protect ourselves. It’s been said time and time again, but we need to be varying our passwords from site to site, use apps to secure passwords, credit card numbers, and other secure information. Just use your head and be careful — because those things are much more than numbers and can cause a lot of damage if compromised.