10 inexpensive ways to vanquish cyber spies in education

“Addressing the cyber threat is imperative for schools and universities,” says Michael Hartland of SnapComms

Just a few short years ago, cyber security was a barely-recognised threat. It felt intangible, a concern for the future perpetrated by bored yet technically gifted teenagers.

Fast-forward to today and it is the most pressing IT issue for many organisations.

The motivations behind cyber attacks can range from political to personal, or just plain mischievous. But the risks are far more clear and profound – compromised data, stolen research and reputational damage.

The nearly 1,200 UK breaches in 2016-17 were double the number of attacks in the sector the previous year.

Addressing the cyber threat is imperative for schools and universities, yet needn’t be complicated or expensive, as these 10 suggestions make clear:

1. Make communication a priority

In today’s bustling workplaces it’s often difficult to get messages through to teaching staff. These people are busy – their inboxes bulge with emails, students place demands on their attention – so it’s important to have reliable, authoritative IT comms that staff take notice of.

Tip: Introduce a communication channel exclusive for high-priority messages. Desktop alerts which pop-up on staff computer screens and bypass email are very effective.

2. Reach everyone, everywhere

Advising on cyber security best practice, or informing of policy updates, requires aligning all staff – wherever they are, and whatever device they’re using. Neglecting anyone leaves the door open for potential breaches.

Tip: Ensure your communications don’t exclude anyone. Increase readership through targeting messages for greater relevance. Schedule messages to send at times where staff are most likely to see them.

3. Train and reinforce

When staff are your first line of defence, training is the armour they need. Increasing risk awareness and process knowledge, through staff training programs, is the surest way to effect sustained behavioural change.

Tip: Maximize attendance by promoting your training sessions in a pop-up RSVP tool. Make them available to remote staff, or those who couldn’t attend, via video alerts.

4. Share learning

Listing every such tip would create an article dozens of pages long, but there is value in sharing best practice.

Tip: Establish a collaborative online forum which allows staff to submit cyber security tips (with your IS Manager as moderator).

5. Define escalation process

Despite every best effort, sometimes the worst happens. Ensure that crisis management procedures are documented, and involve representatives from every department.

Tip: Practice your plan with realistic dummy scenarios periodically (after all, you do this for physical exercises such as fire drills).

6. Build an online database

In protecting your organization from the risk of cyber attack, you’ll amass a wealth of information – compliance policies, procedures, secure password tips, etc. Making these available in a single repository not only allows staff to easily access them, it also makes maintenance simpler for you.

Tip: Work with your IT team to create a dedicated section on your intranet.

7. Engage students

Any tactical plan around cyber security must include the ability to target students – in any faculty, on any campus.

Tip: Digital signage in common areas like libraries are highly-visible tools to promote best behaviour practices to wide audiences.

8. Foster a cyber-safe culture

Fostering a security culture helps your efforts by sharing the responsibility and making everyone part of the solution.

Tip: Reinforce best practice and promote cyber security tips through passive channels, such as corporate screensavers.

9. Simulate attacks

How confident are you that staff will act in the best way when an attack occurs? The best way of gauging this is to simulate an incident, such as a phishing email distributed to all staff and the IS team monitoring interactions with it.

Tip: Use progressive email testing in your simulations, where content is increasingly difficult to identify as malicious, to help define your potential risk level.

10. Repurpose useful content

Don’t reinvent the wheel; a lot of material has been written on the subject already, some of which may be readily available through your institution’s partner network.

Tip: Get a list of vendors from your IT department and evaluate which has valuable content that you can make use of.

Michael Hartland is an Internal Communications Specialist at SnapComms, a leading global provider of digital employee communication solutions.