We use cookies to give you the best experience and to help improve our website

Find out more about how we use cookies

Choose whether to use cookies:

No thanks That's fine

Skip to main content

Jisc

You are in:

  • Blog
  • A robust cyber security strategy is one of the top priorities for my college

Utilities:

  • Site search
  • Disabled site navigation menu
  • Search the Jisc website
    Close search results

Search the Jisc website
Close search results

Navigation items within A robust cyber security strategy is one of the top priorities for my college

Blog

A robust cyber security strategy is one of the top priorities for my college

Ken Thomson

by Ken Thomson

 on 30 May 2018

As a college leader there are many concerning issues to consider, including the pressure on funds, doing the best I can for staff and students and keeping up with ever-changing shift in government policy. But right up there on my list of priorities is cyber security, particularly protection of the college network and the countless online systems which depend upon it.

College students working in the library
Creative Commons attribution information
College students working in the library
©Jisc and Matt Lincoln
CC BY-NC-ND

The national research and education network, Janet, is central to everything we do, so losing that connection would be a disaster: pretty much everything would grind to a halt.

Just imagine – no email, no admin or finance systems, no wifi or internet, no virtual learning environment and no access to learning resources. There’s also a risk that students could lose their work and we’d have to revert to a style of teaching we’ve taken years to modernise. Last, but by no means least, it could be a PR nightmare.

Students don’t hang about when something like this happens. There’d be no hope of keeping such a huge problem quiet, since students used to smartphones and 24/7 internet access will be quick to vent on social media, just as soon as they can get connected. Their comments are bound to be picked up by the media, and your comms team will be doing their best to limit the reputational damage.

my advice is to concentrate on preventative measures, which are expensive, but still cheaper in the long run

Then there’s the obvious disruption and loss of productivity for the duration of outage, not to mention the cost of extra personnel hours to deal with the clean-up and repair. There is some research which puts the cost of a network outage at around £3,300 per minute, but I’d rather not think too much about that! Instead, we recognise something like this is avoidable and my advice is to concentrate on preventative measures, which are expensive, but still cheaper in the long run.

However, I know cyber security isn’t always a priority for college leaders, and that must be a frustration and a worry for staff in many colleges who realise that it doesn’t pay to skimp on this issue.

For colleges like Forth Valley, which are thinking about upgrades to digital systems or infrastructure, it’s important to consider cyber security as an integral and inter-dependent part of all college systems. A college-wide strategy sets clear goals and outlines how you’re going to achieve them, but for this to work effectively, buy-in from senior decision-makers is essential.

it’s important to consider cyber security as an integral and inter-dependent part of all college systems

At Forth Valley College, we have recently launched a creative learning and technologies strategy, with six “ambitions”. One of these is that our IT infrastructure is safe, secure, robust and agile enough to embrace changing needs and practices. This places cyber security at the heart of both our strategy and our thinking.

As part of this strategy, and as we move into a new headquarter campus, we are planning to re-invest in our infrastructure, ensuring that we take advantage of advances in technology.

During this process, many companies are keen to talk to us, and tell us how good their products are. Getting good and, crucially, impartial advice can be tricky, and potentially costly if you go down the private consultancy route. This significant role is performed for us by the sector’s not-for-profit technology solutions organisation, Jisc, which acts as both an impartial and critical friend.

Jisc acts as both an impartial and critical friend

We have worked closely with Jisc for some time and benefit hugely from its advice and guidance. Staff on the Janet Network computer security incident response team (CSIRT), for example, are always available to help us deal with security problems. And our IT staff are often signposted to Jisc experts, who in turn may put us in touch with other further education institutions which can demonstrate best practice on projects that are already in place and we can emulate or learn from.

Steps you can take

As a result, we know what we must do to keep our staff, students, network and systems safe. If you’re not sure what a good cyber security strategy looks like, contact Jisc, check out the National Cyber Security Centre website, or go through the following check list:

What are the risks?

Start with a risk assessment. What are you trying to protect against? Criminal gangs, disgruntled students and staff, 'hacktivists'? Does your institution have relationships with organisations or industrial partners that might make you an attractive target? And where are your biggest vulnerabilities?

Network security

Put measures in place to defend the network perimeter, and to filter out unauthorised access and malicious content. Monitor and test these security controls. Segment your network so if one machine gets infected with malware you limit the ability for it to spread across the whole institution.

User education

Produce security policies for all users clearly setting out acceptable and secure use of your systems. Maintain awareness of online security risks by providing ongoing training for staff and students, covering on-campus and remote access.

Malware

Put in place anti-malware defences such as anti-virus software, end-point protection solutions. Make sure they are turned on and kept up to date.

Patchwork

Make sure you know what software and hardware you have in place, so you can easily and quickly update as soon as new security patches are released.

Managing user privileges

Not everyone needs full admin access, so only provide privileged access to those who need it.

Incident management

Accept that bad things will happen, and encourage a culture where people know how to report things that seem suspicious. Set up protocols so everyone knows what to do in the event of security incident and practice it. Know who to call if you need help when you are attacked.

Monitoring

Establish a monitoring strategy and produce supporting policies. Continuously monitor all systems and networks. Analyse incident logs for unusual activity that could indicate an attack.

Share intelligence

Join CiSP (Cyber Security Information Sharing Partnership) and encourage your staff with responsibility for cyber security to network with peers. Make use of existing capabilities. For example, if you teach cyber security courses, encourage those students to become security champions/ambassadors for others. Jisc members will be automatically plugged into its sector-specific intel sharing system.

Set the standard

Once the basics are in place, aim to reach the government’s Cyber Essentials or Cyber Essentials Plus standards. These provide assurance that you are on right track and can demonstrate to stakeholders that you are cyber security aware.

Finally, remember that the threat landscape is ever changing, so it’s important to regularly review and evolve your cyber security strategy and to adopt a digital infrastructure that can evolve to accommodate the latest technology. At the end of the day, the principal and/or chief executive must understand the risks and responsibilities of cyber security; ultimately, it’s their job to ensure the cyber safety of their college, their data and their people.

Share this

About the author

Ken Thomson

Ken Thomson

Ken is the principal and chief executive of Forth Valley College.

Most read
  • Members risk falling offline if they do not comply with new domain name system (DNS) protocols
  • Ten search engines for researchers that go beyond Google
  • 5 top tips to enhance your students' experience
  • Member stories: moving towards Education 4.0
  • The potential of Education 4.0 is huge – the UK must take the lead, now
Related
  • Are FE colleges underestimating the risk of cyber attacks?
  • Five tips for improving cyber security
  • What do you think good cyber security services look like?
  • Defending against cyber-attacks – we’re stronger together
  • How our new security products and services strategy is supporting you

Share this

You may also like…

Blog

Are FE colleges underestimating the risk of cyber attacks?

A new survey[1] of cyber security attitudes across the further and higher education sectors indicates ...
Blog

Five tips for improving cyber security

Your institution may have invested in faster connectivity or the latest technologies and systems to ...

You are in:

  • Blog
  • A robust cyber security strategy is one of the top priorities for my college
  • Give feedback

    Areas

    • Connectivity
    • Cyber security
    • Cloud
    • Data and analytics
    • Libraries and research
    • Student experience
    • Advice and guidance

    Explore

    • Guides
    • Training
    • Consultancy
    • Events
    • R&D

    Useful

    • About
    • Membership
    • News
    • Jobs

    Get in touch

    • Contact us
    • Twitter
    • Facebook
    • LinkedIn
    • YouTube
    • Cookies
    • Privacy
    • Modern slavery statement
    • Accessibility