News / Toronto

Toronto university, college computers rife with malware, audit finds

Local schools are also using outdated – and more vulnerable – software or web applications: expert.

Lax cyber security at Toronto colleges and universities is putting students at risk for fraud and identity theft, according to an online security firm.

Security Scorecard audited schools across the U.S. and Canada, finding malware installed on computers at nearly every school in Toronto. In the case of York University and the University of Toronto, employee login credentials were also found posted to prominent hacker forums.

Local schools are also using outdated – and more vulnerable – software or web applications, said Security Scorecard researcher Alex Heid.

The persistent presence of malware – a catch-all term for malicious computer programs, including viruses – on campus computers was particularly troubling, Heid said.

“Malware can be very stealthy and its sole purpose is to harvest banking information, credit card numbers or login credentials for valuable sites like Paypal,” he said.

That means students using university computers for e-commerce or financial aid applications could become targets.

Toronto schools often took longer to clear malware infections from their networks than other universities, according to Security Scorecard. At York, the average malware infection duration was 91 per cent longer than the industry average.

The school that scored the worst in the audit was MIT. Despite the problems found, York, UofT, Ryerson and George Brown performed relatively well overall — receiving the equivalent of a B on a report card. 

Avoiding problems all together is practically impossible, Heid said.

“Once any institution gets large enough, it’s going to get hacked,” he said. “The issue is how they respond. Do they notify everyone quickly and respond to it or do they stick their proverbial head in the sand?”

Heid said schools in Toronto would be wise to update their software and limit the amount of peer-to-peer file-sharing on their networks – which is a common source of malware.

UofT spokeswoman Althea Blackburn-Evans said cyber security is about striking a balance between protecting users while ensuring access for the academic community.

The university is currently working on a new information security policy to address that among other things, she said. 

More on