Monday, April 14, 2014

UMD Data Breach

Preventing data breaches is more important to your business than ever before. Headlines on a nearly daily basis include an alarming number of information leakage incidents. On March 15, 2014, the University of Maryland learned of a cyber-intrusion into its network. This was the second intrusion of the year. Working together, the University’s police and IT department, FBI, and U.S. Secret Service successfully stopped the intrusion.  The FBI was later able to inform the University that there was no public release of any data except for the social security and phone number of the University’s president, Wallace D. Loh. David Helkowski, a former contract worker for the University of Maryland said “he hacked into scores of data­bases in the school’s computer system and posted the university president’s “private information” online to draw attention to security problems.” Helkowski told the Baltimore Sun that he saw flaws in the university’s system even before the February breach. He brought up his concerns but his supervisors did not act upon his comments. He grew frustrated that his comments weren’t being taken seriously. David said, “I had to do it, because if I did not do that, they wouldn’t have acknowledged the seriousness of the problem.”
        In the news we see more and more companies getting attacked by hackers, yet do other companies do anything about their security? I do not think that many companies really understand the seriousness of cyber security and the measures that need to be implemented in order to make sure their data is protected. In the University of Maryland case, they received a warning from Mr. Helkowski but did not do anything to check their databases and security. When companies receive threats, they should always check to see everything is running smoothly and that there are no flaws in the system. Even the smallest flaw can cause a breach.  Because University of Maryland has such a large database with sensitive data they should’ve addressed Mr. Helkowski’s comments right away.
        McAfee offers several cyber security tips for companies and even universities like the University of Maryland: They believe companies should train all of their employees to use strong passwords that involve letters and characters. Companies should teach employees to and to avoid dangerous links and emails. Employees should also know where the confidential data is stored. Companies that distribute devices to employees should keep track of all the devices to prevent potential data breaches. By protecting their website, companies can reassure customers by using trust marks on their website and utilizing strong anti-virus software. They also suggest that every company have clear cyber security policies. Companies should write a concise policy that specifies device use and if no longer employed, how to dispose of secure information. Also, by screening their employees prior to hiring them, companies put themselves at less risk.
       Finally, Companies can do everything possible to try and protect their data but unfortunately in today’s technology enriched world, there will never be a theft/fraud free measure.

 ^ main article

1 comment:

  1. After talking about this specific article in class I immediately wanted to read more about the cyber intrusion. I find it extremely alarming that the University of Maryland did not take serious action the first time they encountered cyber-intrusion, and even when the former contract worker, David Helkowski had warned the school that their database was not secure. Learning all about how databases work in class explained to me how much serious work goes into creating a database. However, security is highly important because you need to keep the information safe from the public. When the school received the threat from Mr. Helkowski, they should have ran serious tests to see whether or not their network was secure. I think that since the breach in March, the school should be much more aware of their security. The University of Maryland should definitely invest in more security training programs such as the McAfee just to get an understanding of why this keeps on happening to them. I think that McAffee’s motto on every company having clear cyber security policies is extremely effective because they need to make sure that all of their information is secure. Although technology is a part of our everyday life, it is hard to make sure that it is going to be fraud free.