31 March 2015 Jen Summerton, Executive Director
Universities need to be more savvy about cybersecurity, according to a report in The Guardian, owing to the substantial amount of commerially-sensitive data, as well as students’ personal and financial details that they hold. Professor Awais Rashid, Director of Lancaster University’s security research centre, commented in the article that universities also have an intrinsic virtual (and cultural) openness which makes them “obvious targets for cyber-attacks”. In addition to teaching and research, “most are now involved in commercial activity…but they can’t be shut down in the way other businesses might”, the report says.
The article also points out that the high turnover of students and visitors, each bringing laptops and mobile devices and linking up with friends, researchers and external organisations worldwide, means that data is put in an extremely vulnerable position compared to many private companies. Martyn Thomas, visiting professor of software engineering at the University of Oxford, says that some vice-chancellors do not always take cybersecurity seriously enough. The article goes on to explain some of the problems associated with creating secure IT systems for universities. You can read it in full here.
Whilst some universities may not be as aware of the issues as they need to be, the sector has started to address them, with UCISA recently producing an Information Security Management Toolkit. A team of staff from five universities and colleagues from Jisc Technologies have created a resource for use by information security/governance professionals wishing to put in place an information security management system (ISMS) in their organisation. There's further information on the UCISA website.