How to defend your university against top cyber security threats
26 November, 2018

With cyber security a growing issue, creating a secure environment for teaching, learning and working online is a high priority for universities. AARNet and other research and education networks around the world are working closely with their customer universities to help understand the scope of the issue and how to address it.

Jisc, the organisation operating the United Kingdom’s research and education network, recently asked universities and colleges in the UK higher education sector to take part in the Jisc Cyber Security Posture Survey 2018. The survey explores the challenges that universities and colleges face today and the ways in which they are dealing with them.

In particular, the survey results reveal the top three threats faced by UK universities today:

  • Phishing/Social Engineering,
  • Ransomware/Malware and
  • Lack of Awareness/Accidents, with human error a key problem.

In Australia, a series of cybersecurity forums held this year by AARNet revealed similar findings for cyber threats faced by universities here.

So how can you defend your university against these cyber threats? Creating awareness about the threats and how individuals can protect themselves is paramount.

The Australian Government’s Stay Smart Online website is a useful resource providing a wealth of information, including:

Phishing

How to protect yourself from Phishing attempts:

  • Don’t click on links in emails or messages, or open attachments, from people or organisations you don’t know.
  • Be especially cautious if messages are very enticing or appealing (they seem too good to be true), or threaten you to make you take a suggested action.
  • If a message seems suspicious, contact the person or business separately to check if they are likely to have sent the message. Use contact details you find through a legitimate source and not those contained in the suspicious message. Ask them to describe what the attachment or link is.
  • Before you click a link (in an email or on social media, instant messages, other webpages, or other means), hover over that link to see the actual web address it will take you to (usually shown at the bottom of the browser window). If you do not recognize or trust the address, try searching for relevant key terms in a web browser. This way you can find the article, video, or webpage without directly clicking on the suspicious link.
  • Use a spam filter to block deceptive messages from even reaching you.
  • Understand that your financial institution and other large organisations (such as Amazon, PayPal, Google, Apple, Facebook and others) would never send you a link and ask you to enter your personal or financial details.
  • Use safe behaviour online. Learn about how to use email safely and browse the web safely.

Malware

How to significantly reduce your risk of being affected by malware:

  • Use anti-virus software and automatically download signature updates daily.
  • Keep all your other software up to date too.
  • Use strong passwords and passphrases.
  • Back up your files regularly – ideally every day.
  • Disable Microsoft Office macros. (Macros are small programs used to automate simple tasks in Microsoft Office documents but can be used maliciously – visit the Microsoft website for information on disabling macros in your version of Office).
  • Use safe behaviour online. Learn about how to use email safely and browse the web safely.
  • Regularly check the software installed on your computer, tablet and other devices and uninstall any programs or software that is unused. If you see new programs or software that you did not agree to install, search the program name or ask your local computer repairer or retailer about the program, to see whether it is safe to use.

Cyber Security Awareness

Training and educating your staff is vital to having a strong online security system in place to manage cybersecurity threats. Put in place an online security awareness program to keep you and your staff informed about good online security practices. It should include:

  • basic training for staff
  • updates and reminders on policies, standards and best practices
  • a regular, scheduled review to update existing security measures
  • signing up staff to keep up to date with the latest online threat information.

Read more about how to implement a security awareness program.

Stay Informed

Stay informed on the latest threats – sign up for the Stay Smart Online Alert Service.