University Sends Internal Student List To Student – Why Data Encryption Will Always Be Needed.

Eight thousand students and applicants to Duquesne University narrowly avoided becoming victims to a data breach.  Or, rather, they avoided becoming victims to personal information peddlers.


A file containing mostly students’ financial information was sent by mistake to a Duquesne student, who promptly reported the incident to university officials.  The information included Social Security numbers and household incomes.


This incident illuminates the constant need for file encryption.  The opportunities to send e-mails, with or without attachments, to the wrong recipients are numerous.  With e-mail software such as Microsoft Outlook, where the program automatically tries to find the correct address as you begin to type the name in the “To:” field, has led to numerous mistakes for many people.


I myself have experienced such instances.  Common names such as Dave, Tim, or John seem to require the need to exercise great restraint and caution prior to clicking the “send” button.  On more than one occasion have I felt my inside sink as I’ve watched an e-mail being sent out to the wrong person.


Such problems are, obviously, accidents.  And try as one may, accidents are not going away.  While instances of one sending an e-mail to the wrong person cannot be eliminated, there is something that can be done to prevent the wrong recipient from accessing the contents of an attachment with sensitive data: encryption.


In the above scenario services offered by AlertBoot could have been configured so that documents generated by a set of users are automatically encrypted.  Knowing that financial aid information must be coming from the financial aid department, a university IT administrator could configure the AlertBoot settings so that, as an example, all spreadsheets created by anyone in the financial aid department are encrypted automatically.  This way, if the information accidentally leaks out of the department, everyone can rest assured that the information is not available.


As I pointed out before, accidents cannot be eliminated and the above solution does not curtail e-mails being sent to the wrong recipient.  However, it does eliminate the need for the university to cover its bases by telling students and their families to keep an eye out for suspicious activity on their credit reports.

Comments (0)

Let us know what you think