Updated: Sept. 24, 2018 at 12:03 p.m.
Officials are making it safer to donate money to GW.
Donna Arbide, the vice president for development and alumni relations, said the development office recently upgraded security efforts, expanding the use of safes to secure physical donations and installing additional card software to protect online gifts. The updates come as people across the globe are becoming more concerned about how companies access and use their personal data after large-scale security compromises made headlines in the past year.
Arbide said the office was “inspired” to upgrade security after the EU General Data Protection Regulation was issued in the spring. She didn’t specify exactly when the University ramped up its security.
The regulation was created after Facebook and Cambridge Analytica were exposed for selling personal data to third parties.
She said the alumni office will ensure gifts to GW go to the bank immediately.
Arbide said GW has always complied with existing regulations for credit and debit card data security but is updating to meet industry standards by adding specialized payment card terminals – machines that transmit card data to GW. The standards for payment cards include suggestions for maintaining secure networks and maintaining a vulnerability management program.
She declined to say what feedback she has heard from donors about the upgrades or how the changes will impact giving to the University.
“This is a critical area of focus for the entire university, and we are proud that donors can feel confident about the way in which GW handles their information,” she said.
Cybersecurity experts said the technology updates are important in ensuring donors feel comfortable sharing some of their most delicate information with the University.
Matt Hatton, an information technology specialist at the University of Wyoming’s foundation, said foundations like GW’s fundraising office are always targets of cyber attacks because they deal with droves of financial information.
He said the University’s upgrades are effective in protecting against security threats to donors’ information, but he said data protection using technology and software is only part of the precautions. The fundraising team has to collectively understand how sensitive information is and be careful not to share information unless absolutely necessary, he said.
“As a company, you’d want to do your best to make sure the information that is provided to you is treated with respect,” he said. “The general knowledge the people that work directly with it need to understand is what kind of data is coming in and going out and who has permission to view that.”
Brendan Dolan-Gavitt, a professor of computer science and engineering at New York University, said universities across the country have been utilizing more up-to-date, private-sector security techniques – like standardizing software used across campus – as they have become more invested in cybersecurity.
“One thing that has been happening as university educating departments get a little bit more mature, they are moving more towards some of the practices that large companies use for security and IT systems, so things like a lot more standardization of configurations for their systems and things like that,” he said.
The University switched over to a dual-factor authentication last fall, requiring GW system users to confirm their identities with codes sent to their phones in addition to their passwords. Officials said at the time that dual-factor authentication would better protect sensitive information from potential cyber attacks by creating a backup barrier in case passwords are compromised.
Tom Sloper, a senior lecturer at the University of Southern California’s Information Technology program, said that because of incidents like Cambridge Analytica showing how easily personal information, like political affiliation, can be exploited, businesses like GW are taking more preventative measures.
He said any security precautions taken now will only be able to protect the University for a short time. Hackers are always adapting and learning how to crack the latest measure and steal information, he said, meaning GW will have to continue to think of new measures.
“They’re dealing with situations that they know about, but the bad guys are always going to be innovating and coming up with new ways to get stuff from you,” he said.
This post was updated to reflect the following correction:
The Hatchet incorrectly attributed context about the creation of the EU General Data Protection Regulation to Donna Arbide. The information is now attributed correctly. We regret this error.