Universities are at increased risk of cyberattack: Here are five things you can do about it

Janine Chasmer
Janine Chasmer

With a wealth of valuable intellectual property, research data and sensitive student and faculty information at their fingertips, universities have become prime targets for cybercrime and data theft – and the implications of this malicious action are huge. Not only does it impact the university’s reputation, but it also creates a whole host of legal problems, in addition to affecting future funding and operations. For example, if student fees and associated income are lost as a result of an attack, it may become impossible to recover. 

It is therefore crucial that educational institutions respond with a solid security strategy that will not only safeguard their reputation and protect their valuable assets, but will also ensure the trust of their students, faculty members and investment stakeholders.  

With that in mind, here’s how such a strategy should be approached: 

Recognise the unique risks that universities face 

The first step in combatting cyber risks is to recognise the unique vulnerabilities that make universities prime targets in the first place.  

First of all, the decentralised nature of university environments makes it challenging to maintain consistent security measures across all departments and campuses. Despite this, however, the open academic culture often fosters collaboration and information sharing, which often leads to increased data risk.  

On top of this, universities with a lack of infrastructure-based funding may struggle to keep their technologies up to date. This inevitably leads to a lack of effective security patches, which can make systems even more vulnerable to risk.  

Acknowledging these risks and using the information gathered to determine which digital technologies to invest in is the first step towards making security a priority. 

Develop a comprehensive security strategy 

Once they have the right systems in place, universities must develop a comprehensive security strategy that will keep these systems safe. This strategy should be tailored to each institution’s individual needs and encompass a combination of technical measures, policies and procedures that can mitigate risks effectively.  

It’s also crucial to conduct a thorough risk assessment to identify any current vulnerabilities and develop a prioritised action plan. For instance, it may be imperative to implement strong access controls, firewalls, intrusion detection systems and encryption protocols as an immediate action. Then, CIOs should continue to review and update their security policies to ensure they remain ahead of evolving threats.  

Educate and empower system users 

Of course, good systems and a solid security plan can only go so far. As people remain one of the weakest links in university security, it’s also imperative to invest in training and education, empowering students, faculty members and staff to adopt cybersecurity best practices.  

Offer regular training sessions on topics like phishing, password hygiene and safe browsing habits and encourage the use of strong, unique passwords enabled with multi-factor authentication. It’s also important to foster a culture of vigilance and encourage users to report any suspicious activities they might spot. 

Establish incident response and recovery plans 

Incidents may still occur in spite of the robust security measures that you adopt. Establishing successful incident response and data recovery plans is therefore essential if you are to minimise the impact.  

Create a dedicated incident response team of IT professionals, legal experts and PR representatives to act on your behalf, in addition to defining clear protocols for detecting, containing and dealing with security incidents. It’s also important to test these on a regular basis to ensure they remain effective.  

Given that such plans often fall outside a university’s usual remit of activity, it can be a good idea to partner with cybersecurity specialists like Equantiis who can guide you through ongoing digital change. Of course, establishing data backup and recovery processes to minimise downtime and data loss in the event of an attack is also essential. 

Foster collaboration and the safe sharing of information 

Establishing partnerships with other universities, government agencies and industry organisations to share best practices and threat response strategies can also help to protect your university. Collaborative efforts can help to identify emerging threats and collectively address common security challenges. This is something that Equantiis can help with, though we also recommend participating in any relevant cybersecurity workshops, conferences and forums whenever you can.  

As universities face increasing threats from cybercriminals, security measures must be moved to the forefront of their agenda in order to protect invaluable assets and maintain the trust of students, faculty members and stakeholders alike. By recognising the unique data risks that universities are plagued by, it becomes easier to develop a comprehensive security strategy that not only educates and empowers users but also establishes a quick road to recovery if things don’t go to plan.  

Investing in robust, modern security measures can help universities to safeguard their long-term academic success, safeguarding the valuable information entrusted to them along the way. Of course, collaborating and sharing information with other key stakeholders and seeking guidance from cybersecurity experts like Equantiis only helps to enhance security, ensuring that the systems, solutions and plans put in place always make the grade. 

Share this article

More about the author

Janine Chasmer
Janine Chasmer - Principal Consultant

Janine’s career includes 10 years in the not-for-profit sector, specifically within membership, and she leverages her industry expertise and first-hand experience with a wider range of clients, including Membership and Charity, where she provides consultancy on a range of areas including Business Strategy, Customer Experience improvement and process optimisation. In recent years, Janine has applied these consulting skills to the Education sector, supporting HE and FE institutions to improve their applicant and student experience at key phases such as application, enrolment, Clearing and progression. Other projects include Digital and Data Strategy, process and automation, and Student Journey optimisation. She has also worked as a SRM Functional Consultant, using this unique insight of both sector knowledge, and enabling technology to achieve transformational outcomes. Janine is also a regular event speaker and creates and shares industry and sector insights with her network.