Dive Brief:
- The University of California System is taking heat from faculty at UC Berkeley after a faculty member on the campus IT committee sent an email to his colleagues explaining the extent of a new computer network monitoring system.
- The Daily Bruin reports the new system was installed following an attack on UCLA Health in July 2015 and kept quiet until last week, secretly monitoring and possibly recording all traffic into and out of the campus network.
- While the university has said it is not reading faculty emails, privacy concerns have been raised, as well as concerns that the system acted without regard to proper shared governance procedures.
Dive Insight:
Colleges and universities are at particular risk of cyberattack because of their relatively open networks and wealth of stored personal data. UCLA’s data breach resulted in more than a dozen still pending lawsuits. The stakes are high for properly protecting sensitive data. Perhaps the University of California’s monitoring is in line with the system’s needs. But faculty who might agree with that still have reason to be upset about the way the new system was implemented. As in so many things, up-front communication with stakeholders is key.
What’s more, installing the new monitoring plan quietly created a missed opportunity to educate users about security threats. Even the best security systems are foiled by human error, as seen in a recent phishing attack at the University of Virginia.