A third of higher-education institutions has experienced a data loss or theft—in particular grades and exam questions—in the last year, with nine percent reporting a loss or theft of student personal information, which could affect millions of university students. Those are among the findings of a survey of 182 IT directors and managers at public and private higher-education institutions conducted by CDW Government, Inc.

These losses come even though 82 percent of the respondents call IT security their highest priority or among their most important responsibilities. Lackadaisical attitudes by administrative staff and students may be the reason. The survey shows that 60 percent of the respondents thought IT security not among the top five priorities of administrators, and almost a third said students did not support IT security initiatives, noting a “disregard of rules/policies” among students as a key threat.

With the right preparation, they could enjoy a safer computing environment. “Information security supports and enables the institution in achieving its goals and objectives,” says Stanton Gatewood, chief information security officer at the University of Georgia, so IT security professionals must map their security objectives to the institution’s.

He recommends building security awareness, training, and education components for students, faculty, and staff, and emphasizes that everyone needs to be aware of up-to-date

IT threats so they can use the security lessons every day. “This is an issue that many higher-education institutions pay little attention to,” he says.

Gatewood points out that the biggest threats come from within. “Fact is, most hacks are from internal sources,” he says. Typically, insiders are simply browsing the limits of their systems, he says; placing multiple levels of protection between attackers and business-critical information resources makes it possible to lock out most hackers. “The deeper an attacker tries to go, the harder it gets,” he says.cdwg_it_security_report1206_0.pdf