If you think your organisation’s cyber security is missing the mark, then you’re not alone. In a 2019 experiment conducted by Jisc, a university and research centre digital services agency, security testers were able to breach the systems of 50 UK universities in under two hours, accessing personal data of students and staff, research networks, and finance systems.
Fortunately, Jisc was not trying to steal data, just prove a point: dwindling budgets and limited resources mean that certain higher educational establishments are cyber sitting ducks. Confidentiality might be taken seriously, but digital security spending has been seriously lacking, and these institutions will suffer serious damage as a result.
Jisc’s head of security operations centre, John Chapman, said the experiment proved how vulnerable universities were to spear phishing – highly targeted malware emails, which are sent to senior personnel, encouraging them to click a link or download an attachment.
“We are not confident that all UK universities are equipped with adequate cyber-security knowledge, skills and investment,” said Chapman. With the increasing sophistication of these attacks, he warned of a looming disastrous data breach, saying: “Universities can’t afford to stand still in the face of this constantly evolving threat.”
Legal obligations, digital dilemma
In a perfect storm, this comes at a time when ISO 27001 – the most widely recognised standard for information security – is now a statutory requirement for all colleges and HEIs, and it’s worth schools considering too. At last, the sector must get those ducks in a row and meet the standards required for cyber protection.
For those who don’t act, a malware attack might mean their organisation could no longer operate – IT infrastructure is vital to the day-to-day running of any college or university, from communications to lesson plans, personal data to course material.
Start the process to certification today
Let our ISO management system and certification experts help you to become certified to ISO 27001. We assess if your existing processes satisfy the requirements and help you make any necessary changes to achieve compliance, helping you to ensure data security, protect confidentiality and effectively manage sensitive information.
Make sure your standards are up to scratch and you’ve done all you can to protect your data. From primary schools to universities, an education in ISO 27001 certification is just a phone call away.