I've heard a number of reasons why this is the case but there are a few that regularly stand out:
- The openness of the academic infrastructure. This may promote the free flow of information but makes controls difficult to enforce.
- Decentralized environment. In most colleges, each department is responsible for its own systems, and many view the central IT team more as an annoyance than a protector.
- A migrating user base. Every few months, students connect new systems - many times lacking the appropriate patches and anti-virus software - to the school network.
- A test run. Many hackers view colleges as a place to try out their latest attack methods.
- Loads of personal information. Colleges are notorious for holding on to critical data, like Social Security numbers, for way longer than necessary.
- Not your smartest user base. Students today may be the most tech-savvy when it comes to operating computers and applications, but they fall quite short when it comes to safeguarding themselves from attack.
Colleges are trying to get all of these issues under control.
Some are taking innovative approaches.
One merits some recognition: The University of Michigan at Flint recently launched its second annual Computer Security 101 Exam. And it's not just another test, students will be happy to know.
It's a test with prizes - some pretty cool and sought-after stuff, actually, including Dell laptops, Apple MacBooks, iPods and Nintendo Wiis. Students are tested on their ability to spot online fraud, namely malicious pages attempting to phish one's credentials or install malcode.
Students can retake the tests until they achieve a perfect score. At that point, they'll be eligible to win the prizes.
Incentives do work, so we applaud the University of Michigan-Flint - which was the victim itself of a hacker attack in December - for taking such an approach.
Because, in the end, end-users are the weakest link. Perhaps some businesses can learn a thing or to from this proactive measure.