Colleges tighten anti-hacking rules

Recent Internet security breaches at two college campuses prompted public state higher education officials Thursday to impose tougher rules for the use of personal information in computer files.

The Board of Regents for Higher Education adopted a policy that tightens security controls, requires additional staff training and makes college and university presidents responsible for maintaining systems to prevent hacking of confidential information.

The policy also makes individual campuses or offices responsible for the cost of any damages resulting from security breaches of information under their control. The policy covers the four campuses of Connecticut State University, the state’s 12 two-year community colleges and the online Charter Oak Community College.

The policy stems from incidents at Central Connecticut State University in New Britain and Housatonic Community College in Bridgeport.

In November, a computer virus at Central may have compromised personal data and financial information of about 17,000 people. And in March, two computers at Housatonic’s registrar’s office were infected with a virus, possibly disclosing personal data of as many as 87,000 people.

The prevention of unauthorized use of payroll data, registration files or other sensitive information has often been left to information technology specialists, but that “is no longer the right approach,” said Michael Meotti, executive vice president of the Connecticut State Colleges and University system.

The new policy “sets the tone for a culture of leadership responsibility” to reduce the risk of security breaches, Meotti said.