Boston University placed seventh from the bottom in a study on higher education institutions’ web security. BU received an overall grade of ‘D’ at 68 percent, according to a Thursday release.
Compiled by cybersecurity analysis firm SecurityScorecard, the 2015 Higher Education Security Report ranked BU among prominent universities like the Massachusetts Institute of Technology, the University of Cambridge and the University of Southern California in the 10 least secure, out of 485 schools surveyed. MIT, Cambridge and USC received respective overall scores of 61 percent, 64 percent and 67 percent.
The 10 bottom colleges and universities all received ‘F’ grades on password exposure, meaning that the SecurityScorecard’s benchmark platform “automatically finds email addresses and exposed passwords” that might belong to students or full time employees, according to the report.
SecurityScorecard’s Chief Research Officer Alexander Heid said that he had expected prominent universities like BU to achieve better grades.
“We looked at American universities that had an IP address footprint of more than 1,000 IP addresses that were publicly facing,” Heid said. “As [universities and] industries put more of their operations online, it creates more and more surface area for potential problems.”
Heid added that low-graded institutions do not necessarily have poor internet security, saying that MIT’s malware was probably found in its research facility.
“A lot of the malware detection and IP replication were flags that we were seeing,” he said. “But aside from that, there was also a bunch of administrative stuff.”
Some of the notable universities with the strongest reported security postures are the University of North Alabama and Pepperdine University, ranked at six and 10, respectively. All top 10 universities received ‘A’ grades in seven of the 10 grading categories.
Eric Jacobsen, Information Security manager at BU, said that university’s size was a significant factor in why BU scored poorly in the report.
“The larger schools tend to float towards the bottom and the smaller schools tend to float towards the top. And that has to do with the size of the network, the complexity of the network, the number of posts we have here,” Jacobsen said. “The stuff that [SecurityScorecard] are calling forward is certainly stuff that we take seriously and work on. We have got a large number of users, and a large internet presence.”
Several BU students said they have mixed views on the report, some saying that BU should strive for better digital security.
Jia Li, a sophomore in Questrom School of Business, said that she feels safe despite the outcome of the report.
“The passwords [at BU] have a stricter requirement than most other schools,” she said. “We have such a large population, and [students are] probably using their username for other stuff that got us the lower grade.”
Jonathan Hernandez, a freshman in the College of Arts and Sciences, said the result of the report does not compare to the inherent “danger” of living in a digital age.
“We live in an information age, and our information has always been in jeopardy once we made an account [online],” he said. “I don’t really feel more in jeopardy.”
Cole Schoneman, a freshman in the College of Communication, however, said that the money spent on a year of college at BU does not reflect the services the university ostensibly provides.
“Going to a school like BU where you have specific login credentials to access the internet, you should have your information protected,” he said. “You’re going to a top 50 university, it shouldn’t be equivalent to going to a Starbucks and using public Wi-Fi.”
