Higher education defences are down
Higher education institutions are going through a rapid and constant digital transformation just like every other sector. And the past year has definitely put that the process into overdrive. But in many cases network security and safeguarding practices haven’t developed at the same pace.
Cyber security has been a growing issue long before the pandemic struck. More colleges and universities have started to use Software-as-a-Service (SaaS), and while it’s made administrative techniques much more time efficient, it’s also meant organisations are generally storing a lot more student data.
Then, almost overnight, they had to ditch old processes and put in place technology and software that allowed them to switch over to a remote learning model. With almost the entire student body logging in from home, and at a time where networks needed to be at their most robust, organisations were finding it even more difficult to manage and maintain network security.
The sector is a constant cyber target
The National Cyber Security Centre (NCSC) investigated regular spikes in ransomware attacks on the UK education sector over the past 12 to 18 months.
And cyber criminals have been quick to capitalise on back-to-university season. According to Tom Kendrick, a cyber security expert at Check Point Software, criminals targeted the education sector more than any other industry in the month of July 2021.
The NCSC announced it was looking into the latest round of attacks back in June 2021 and encouraged institutions to sign up to their Early Warning service – it’s completely free and keeps organisations up to speed on any malicious activity they need to keep an eye on.
Everyone on campus needs to play their part
Universities are generally much more clued up on the common proactive steps they have to have in place to sure up their defences (we covered a few of them off in our previous blog on ransomware). But there’s still a lot more they can do to create a more connected effort across campus.
Andy Phippen is professor of digital rights at Bournemouth University and Emma Bond is professor of socio-technical research at the University of Suffolk. In an article for Times Higher Education, they put emphasis on students being better educated on cyber threats and knowing what preventative measures they need to stay on top of to keep criminals at bay.
It’s very often the case that students get to university having had very little cyber security training. But warding off cyber threats is no longer just the job of IT departments. Andy and Emma write: “…a digitally resilient institution is one that has effective safeguards in place but also one that equips all stakeholders with the knowledge to keep their, and corporate, assets protected.”
Students can be a better line of defence
There are simple and effective skills students can learn to significantly reduce the likelihood of falling victim to cyber crime or online abuse.
Things like using strong passwords, or better, setting up two-factor authentications. Also making sure they’re the only person who has access to their accounts. Students can sometimes entrust login details to friends or partners, but if relationships go sour, their personal and private information is often used against them.
Universities and colleges need to be better at educating students on the pitfalls of poor security – not only to help protect important institutional and student data, but to empower young people to better guard themselves against online abusers.
We can help with cyber cover
With a growing cyber threat in the sector, universities and colleges need a cyber policy in place to protect them if this worst should happen.
At RMP, we have a partnership with Pen Underwriting on their cyber product, and we’d be happy to talk you through the scope of cover in detail. For more information, you can get in touch with us at email@example.com.
Published date: 18th November 2021
This note is not intended to give legal or financial advice, and, accordingly, it should not be relied upon for such. It should not be regarded as a comprehensive statement of the law and or market practice in this area. In preparing this note we have relied on information sourced from third parties and we make no claims as to the completeness or accuracy of the information contained herein. It reflects our understanding as at 8th November 2021, but you will recognise that matters concerning COVID-19 are fast changing across the world. You should not act upon information in this bulletin nor determine not to act, without first seeking specific legal and/or specialist advice. Our advice to our clients is as an insurance broker and is provided subject to specific terms and conditions, the terms of which take precedence over any representations in this document. No third party to whom this is passed can rely on it. We and our officers, employees or agents shall not be responsible for any loss whatsoever arising from the recipient’s reliance upon any information we provide herein and exclude liability for the content to fullest extent permitted by law. Should you require advice about your specific insurance arrangements or specific claim circumstances, please get in touch with your usual contact at Risk Management Partners.
Risk Management Partners Limited is authorised and regulated by the Financial Conduct Authority. Registered office: The Walbrook Building, 25 Walbrook, London EC4N 8AW. Registered in England and Wales. Company no. 2989025