Last year, Mellon said, Wisconsin began telling faculty members not to take their laptops and cellphones abroad, for fear of hacking. Most universities have not gone that far, but many say they have become more vigilant about urging professors to follow federal rules that prohibit taking some kinds of sensitive data out of the country, or have imposed their own restrictions, tighter than the government’s. Still others require that employees returning from abroad have their computers scrubbed by professionals.
That kind of precaution has been standard for some corporations and government agencies for a few years, but it is newer to academia.
Information officers say they have also learned the hard way that when a software publisher like Oracle or Microsoft announces that it has discovered a security vulnerability and has developed a “patch” to correct it, systems need to apply the patch right away. As soon as such a hole is disclosed, hacker groups begin designing programs to take advantage of it, hoping to release new attacks before people and organizations get around to installing the patch.
“The time between when a vulnerability is announced and when we see attempts to exploit it has become extremely small,” Conrad said. “It’s days. Sometimes hours.”