For higher education institutions, the start of the new academic year was unlike any witnessed before. Not only did they have to find ways to reopen campuses in a COVID-safe way for both staff and students, but the sector was also on the receiving end of a stark warning from the National Cyber Security Centre about the rising number of cyber-attacks against colleges and universities.
Because of the sheer volume of data they hold, the number of people located in a single community, and the open structure of their technical architecture, universities and colleges have long been seen by cybercriminals as an opportunity to exploit information. In fact, higher education institutions across the UK experience up to a thousand attacks every year, and Microsoft found that 61% (nearly 4.8 million) of malware encounters reported in August 2020 took aim at the education sector.
These troubling stats are brought into even starker focus when you consider that just weeks before the start of the autumn term, education institutions including Newcastle University and Northumbria became the latest victims of ransomware attacks.
It’s therefore vital that higher education institutions heed the warnings and begin to assess where their cyber security risks lie to better inform their security strategies moving forwards. In this blog, we’ll look at the key considerations for universities as they embark on this journey to better cyber security and data protection.
Why are they being targeted?
The university network is often home to large volumes of personal and research data, intellectual property, and other assets that are of significant value to cybercriminals as well as to the institution itself. As a result, universities face substantial risks, often in the form of phishing and ransomware attacks that can expose staff and students to account hacking, credential theft, and credit card fraud. These attacks can also leave networks vulnerable, and those networks may house large amounts of IP and data, sometimes on behalf of industry and government.
Putting policies in place
To minimise risk and safeguard data, institutions must begin to adopt transparent strategies and policies. This includes regularly backing up data and keeping it offline at certain points, as well as monitoring network traffic and managing access controls. With many thousands of staff and students to protect, active two-factor authentication should be considered to give every network user an extra element of security.
Higher education institutions must also plan for how they will respond in the event of a security breach, and consider the possibility of shutting down the entire network and its systems for a period of time, if required. Doing so gives the institution room to respond to the attack, identify the infection point, and reset and analyse the infrastructure, allowing it to get back up and running safely.
It will also allow time to change passwords, update credentials, and restore data as necessary, as well as to notify authorities of the breach where required to comply with data protection and security regulations.
Now that we’ve established some of the key principles for improving cyber security within higher education, in my next blog I’ll explore exactly how institutions can safely process large volumes of data and maintain security in a changing education landscape.