Cyber attacks are on the increase and organisations’ data and networks are now more at risk from sophisticated cyber criminals than ever. But it’s not just governments, financial institutions, retailers, and businesses at risk. It has been reported that more than a third of UK universities are hit by a successful cyber attack every hour and 87 per cent of UK Universities have experienced at least one successful cyber attack.
When hackers gain unauthorised access to student data, dissertation material, exam results, research data, and intellectual property, the results can be catastrophic. Universities are left with a potentially massive expense to put things right, and experience interruption to research projects, damage to their reputation, and attacks can even impact national security.
The Collaborative Nature of Universities
First and foremost, higher education aims to stimulate learning and facilitate research. To facilitate this, institutions provide a unique cultural environment with open access to information technology resources, group collaboration, and free communication, both internally and externally. Certain resources are made available to students for course-related research, and even to the public. Historically, there has been little restriction on access to information for precisely this reason.
Clamping down excessively on access and security control could be averse to this ethos, counter productive to study, and rob the higher education learning experience of its purpose. Chief Information Officers (CIOs) must consider the nature of higher education carefully in order to implement the cybersecurity measures that are essential to protect staff, students and institutions’ economic and private interests from vulnerability.
How Do You Ensure Cybersecurity on Campus?
Freedom to access information and IT resources is a crucial part of academia. But there are things you can do to prevent cyber attacks from occurring and to enable damage limitation if an attack does occur. What can be done to protect universities and higher educational institutions from cyber attacks without these security measures impacting on the teaching, learning, and research that is central to their existence? cyber attacks from occurring and to enable damage limitation if an attack does occur. What can be done to protect universities and higher educational institutions from cyber attacks without these security measures impacting on the teaching, learning, and research that is central to their existence? cyber attacks from occurring and to enable damage limitation if an attack does occur. What can be done to protect universities and higher educational institutions from cyber attacks without these security measures impacting on the teaching, learning, and research that is central to their existence?
Take Individual Needs into Account
Scholars need to communicate their needs to the appropriate people in order for Chief Information Officers to determine who needs access to exactly what. They can then take steps to accommodate each individual’s needs while avoiding users accessing resources they don’t need and running the risk of introducing new security risks.
Minimise Security Vulnerabilities While Maximising Productivity
CIOs will require input from faculty and students to determine an acceptable risk level so that they can devise appropriate security policies. For example, a two-factor authentication scenario may be time consuming and inconvenient to users, but the risk could render it necessary in some instances.
Establish Trust and Transparency
Users need to know they can raise their concerns about a potential problem or security incident immediately, without being judged. Trust is crucial to avoid a situation from occurring where a student or member of staff keep information to themselves or attempts to resolve an issue on their own, and the situation deteriorates.
Educate and Inform
All users need to be on board and aware of procedures and what to look out for when using IT resources. Make everyone aware of threats such as phishing and be sure to explain risks using language with which individuals can relate – do not assume users have prior knowledge or are already aware of IT terms. Remember that a misinformed user could turn out to be a major security vulnerability on board and aware of procedures and what to look out for when using IT resources. Make everyone aware of threats such as phishing and be sure to explain risks using language with which individuals can relate – do not assume users have prior knowledge or are already aware of IT terms. Remember that a misinformed user could turn out to be a major security vulnerability.
Improve Communication
A culture of two-way communication between CIOs and all IT users will be mutually beneficial. When new or additional security restrictions are announced, they reach the end users seamlessly. The problem with cyber security is that it cannot be controlled by a single person and effective communication is crucial.
Encourage Appropriate Use
Users need to be aware that it is their responsibility to notify I.T. staff before they take action that could impact on security. If a user repeatedly violates security policies, there must be appropriate consequences; for example the loss of access privileges. Similarly, consider rewarding appropriate behaviour, and recognising proficient users and delegating security-related responsibilities to maximise efficiency.
Although cyber security is increasing in seriousness, frequency and sophistication, there are things you can do to protect your university or higher educational institute from becoming a victim of cyber security crime. Get in touch with us for more information on how we can help your educational institute, college, or university.