U.S. research universities’ best option is to segment information so a balance can be struck between security and the need for an open network, experts say. Most sensitive information should be taken off the Internet and accessible only through university-approved computers on campus. Security experts agree that the schools should audit all the information they hold, including research data and student and employee personal information; categorize it all and then decide the level of security needed. For less sensitive data, there’s more flexibility, such as two-factor authentication.”]