“However, you and I don’t lose sleep over assassins nor a sophisticated hacker.”

Although others aren’t necessarily losing sleep, they’re paying attention.

MSU is an institution with thousands of connected faculty, staff and students. Communications are exchanged and personal details and research are housed on the computer network each day, said Joe Budzyn, network management and security team leader for MSU IT Services.

“It is necessary to have security to prevent data from being released inappropriately,” he said.

Because the university and other major institutions sit on a wealth of invaluable information, it only makes sense for people to try to breach computer systems and profit off personal data, Enbody said.

“Right now, there is a whole underground economy that is devoted to computer crime,” Enbody said.

State of security
Across the MSU computer network, digital firewalls, extrusion prevention devices, anti-malware and antivirus software have been installed to prevent easy access to users’ information and their work, Budzyn said.

MSU, by law, must keep sensitive information secure, including payroll and Social Security numbers, Enbody said. And because the university plays a role in research, it would be in officials’ best interest to protect intellectual property from breaches.

“There is a huge amount of very valuable information at a university, and that’s not surprising,” Enbody said. “We’re all about knowledge here.”

But if it is inevitable that any sort of data defense can be breached, officials wonder: How much computer security is enough at MSU?

“How many padlocks does it take to protect your bike?” Budzyn said. “Would adding five more padlocks prevent it from being stolen? Every security system is fallible, attackable.”

He declined to say how many times MSU’s network has experienced a computer hack and to what extent because the release of that information itself might pose its own security risk. Budzyn also declined to talk about how any unsuccessful attacks were foiled.

“There have been security events in the past, yes,” he said. “There have been some successful sorts of attacks and some unsuccessful.”

Breaching the network is not the only way information becomes accessible.

There have been very few security incidents at MSU during the past three years, and those that occurred were limited in scope — including a stolen faculty laptop containing student PIDs for one particular class, said David Gift, MSU’s vice provost for libraries, computing and technology, in an email.

Defense breakdown
According to Privacy Rights Clearinghouse, a California-based nonprofit organization aimed to raise awareness of how technology affects personal privacy, 604 breaches of security have been made upon educational institutions since 2005.

“The reason for the list … is to increase awareness,” said Beth Givens, director of Privacy Rights Clearinghouse, adding the list of breaches — while extensive — is not complete because many go unreported.

In April 2005, the most recent security incident reported from MSU according to the nonprofit, student information was compromised during an attack on a server housed by the College of Education. About 27,000 records were affected, and the information included Social Security numbers, names, addresses and more. Students were emailed about the incident three months later.

According to university guidelines, any person whose confidential data has compromised is required to be notified of the incident.

Advertising freshman Lauren Margraves said if her information were breached at MSU, she’d like to hear about it.

“It’s a little freaky to think about,” she said. “Just put out more warnings to students to let us know.”

At Ohio State University, 760,000 students, professors and other staff members were notified in December 2010 that their personal information might have been accessed, according to The Columbus Dispatch. In response, school officials offered a year of free credit protection.

And in 2007, databases at the University of Michigan were breached, exposing up to 5,500 personal records, according to the Privacy Rights Clearinghouse.

“We would prefer not [to] address specific incidents or operational details,” said Kelly Cunningham, director of U-M’s Office of Public Affairs in an email. “Like all organizations, the university does experience IT security incidents.”

Including businesses, financial services, government entities and more, Privacy Rights Clearinghouse has compiled more than 544 million records of computer breaching incidents since 2005. The database is updated about every two days, according to its website.

Phishing and safety
Criminals increasingly are targeting users rather than attacking networks, Budzyn said.

In January, MSU Federal Credit Union, or MSUFCU, was the target of a phishing attempt where many of its customers received an email requesting personal information.

“We did not have a security breach … (but) there isn’t anything we can do to stop people from phishing for information,” said April Clobes, executive vice president of MSUFCU.

Like MSU officials, Clobes wished not to talk about the state of its security networks, other than to say a whole department at the credit union is devoted to monitoring the system every day. If customers see suspicious activity, they should contact the credit union, she said.

As the world increasingly shifts toward digital information, students should pay attention to where personal information is shared, Enbody said.

“My son, when he was in middle school, described it best: Don’t be stupid,” he said. “Don’t click on stuff that might be suspicious.”