Universities staff need to understand their role in keeping hackers at bay
Blog posted by: Kuldip Sandhu, Higher and Further Education Consultant, Innovative Quality Solutions (IQS), 31 October 2018.
In a second blog post looking at the cyber resilience challenge in the further and higher education market, Kuldip Sandhu of Innovative Quality Solutions, considers the responsibilities academic and administrative staff have in helping to beat the hackers.
Universities have become a hunting ground for the unscrupulous hackers. Recently the Cobalt Dickins hacking group, which is linked to the Iranian government, was revealed to be behind an attempt to breach the systems of 76 universities in 14 countries. This included a number in the UK in the Times Higher Education Top 50 as well as others across Europe, the US and Asia.
This came just six months after the US Department of Justice charged nine Iranian hackers with attacking more than 300 universities around the world. This attack succeeded in duping 8,000 academics to respond to a phishing email and saw the group access 15 billion pages of academic projects.
These projects often include cutting-edge research and lucrative intellectual property which is why the further and higher education sector is so attractive to the hackers. They see potential riches – not a surprise when the Economist magazine reports that data is now the world’s most valuable commodity.
In my last blog post I examined the importance of helping students understand their role in cyber resilience. However, the thwarted attacks give a stark reminder as to why it is so important for academic and administrative staff to have the right online behaviours. They use technology as an enabler to manage personal information, carry out experiments and collate data. So it has never been more vital to understand about good online behaviours.
University staff have to know what their responsibilities are in keeping their institution’s IT system resilient particularly as 90% of cyber breaches are caused by human error. In a recent KPMG/Harvey Nash reporteducation is the worst-affected sector for cybercrime.
Beating the threats is made even more complex as the majority of colleges and universities operate with clear distinctions between departments and faculties with little crossover and often on different sites, sometimes miles apart.
That is why it is important to have clear guidelines about staff’s online behaviours, particularly as any breach has the potential to inflict reputational and financial damage on the institution. It is also likely that research projects will involve academic and research staff working with industry partners, even other universities, which creates “weak spots” – so it is vital everybody understand how to keep the IT system secure.
Cyber resilience training should therefore be mandatory and all modules should be completed otherwise being locked out of IT systems could be a consequence.
RESILIA® Frontline provides the perfect tools: a suite of proven e-learning modules designed to be integrated easily into a university’s existing IT system. Each module takes ten to 15 minutes to complete and covers the full spectrum of cyber risk including online safety, phishing, social media protection, protecting information and safe device use. It includes a learning dashboard for administrators to measure and track progress.
The reality is that a cyber breach could be just a mouse click away and the evidence shows one in three universities face hourly attempts, so it is unlikely the threat isn’t going away soon.
Putting the right awareness training in place for staff and students alike will help to thwart the unscrupulous and protect reputations.
Visit AXELOS.COM/resilia-higher-education to request a free copy of the paper I co-authored with AXELOS ‘Protecting the reputation of UK Higher Education with your most valuable defence; your people’, co-authored by myself and AXELOS Global Best Practice.
You can also speak to one of the RESILIA team or request a live demo by visiting AXELOS.com/resilia-frontline.
Read Kuldip Sandhu's previous AXELOS blog post Universities need to meet student challenge for cyber resilience
Latest News from
Death or glory: The power of frequent product releases18/09/2019 10:20:00
Blog posted by: Allan Thomson – PPM Product Ambassador, AXELOS, 17 September 2019.
PRINCE2 – professional skills for non-project managers16/09/2019 15:43:00
Blog posted by: Julia Gosse BEd, Project, Programme and Portfolio Management consultant and trainer; associate to SPOCE Project Management, 13 September 2019.
ITIL 4 – recognizing a range of best methods13/09/2019 10:20:00
Blog posted by: Rafal Stanczak – Test Manager/Agile Coach, Orbium (part of Accenture Wealth Management), 12 September 2019.
Did you know you are a project manager?11/09/2019 10:20:00
Blog posted by: Ana Bertacchini – Project management expert, 10 September 2019.
The Seven Cs of Programme Failure09/09/2019 10:20:00
Blog posted by: John Edmonds, AXELOS PPM Portfolio Development Manager, 06 September 2019.
ITIL 4 transition: look no further than the Guiding Principles05/09/2019 16:20:00
Blog posted by: Phil Hearsum, ITSM Portfolio Manager – AXELOS, 05 September 2019.
Generalists vs. Specialists – what will the PPM future bring?04/09/2019 10:20:00
Blog posted by: Tom Lynam – AXELOS Territory Brand Manager, 03 September 2019.
PRINCE2 Practitioner - helping project managers reach the next level02/09/2019 13:20:00
Blog posted by: Susan Tuttle – Project and Change Management Training Specialist, 30 August 2019.