Trio of Stories Call Attention to Charity Data Risks
From Ohio to the UK, and from universities to symphonies, data security issues are not getting the attention they deserve.
Funny how stories come in threes. ZDNet UK reported on an annual IT survey of UK charities in which 38% of respondents said they were subject to a virus attack in the past year and 35% noted hacking activity against their servers. This led to the observation that charities are often attractive to hackers because they don't have the budgets or the staff to maintain tight security—and they handle money.
More specifics about the risk come from Adaptsitration, Drew McManus' blog on the ArtsJournal site that reports on orchestra administration. He describes how phishing scams have become more and more sophisticated, with phony harvesting pages that look like the real thing. Then he points out that in preparing a web site survey last year, he discovered several symphony orchestras who were not aware that their donation pages were broken, one for a period of more than five months. If nobody is monitoring the web site, it would be easy pickings for a hacker to substitute a link to a phony site.
Maybe, but it could be that is too subtle and isn't really necessary because universities are a treasure trove: Ohio University has revealed three separate incidents of servers being broken into: one had patent data and a handful of social security numbers associated with parking passes. The second was a development and alumni relations server with more than 137,000 social security numbers and names. The third was a computer associated with the campus health center, compromising medical records of 60,000 current and former students. In less than a month. This is just one incident among many.
So the IT focus for charities definitely needs to change from acquiring hardware and software to having the resources to protect charity networks and servers from outside attack. It is making an already tough job even tougher.
Comments