1. Engage with stakeholders

Cyber security affects everybody, whether it’s employees responsible for protecting your data, third parties with whom you trust your information or data subjects themselves.

By helping them understand the importance of effective security – including the steps you’re taking to protect your systems and the ways they can help – you ensure that everybody is part of the solution.

One way you can do this is to provide staff awareness training for anyone who handles sensitive information as part of their job.

Another solution is to provide advice to students and staff on the ways they can help. That might include practising good password security or learning how to spot phishing scams.

2. Install anti-malware software

Malware is one of the biggest risks that organisations face. It can wreak havoc by gaining access to and stealing confidential information, damaging files and even locking them and preventing access unless you pay a ransom.

Protecting against a broad range of malware (including computer viruses, worms, spyware, botnet software and ransomware) and including options for virus removal will protect your computer, your privacy and your important documents from attack.

3. Apply patches and updates

Cyber criminals can rapidly exploit vulnerabilities once they’ve been discovered and shared publicly.

Criminal hackers take advantage of known vulnerabilities in operating systems and third-party applications if they are not properly patched or updated.

Updating software and operating systems will help to fix these known weaknesses.

4. Implement access controls

Because of their large workforce and annual turnover of students, universities naturally have large networks with many entry points.

It’s therefore essential that you create access controls limiting who can access certain information. This reduces the risk of students or staff viewing information that they shouldn’t, and also limits what a cyber criminal can do if they compromise someone’s account.

5. Share your threat intelligence

Cyber criminals will often target multiple organisations using the same methods, looking for one that has a weakness that be exploited.

By communicating with other universities about the threats you face, you can help each other prepare for attacks.

For example, if one institution reports a particular phishing campaign targeting, say, an upcoming conference, other universities can spread the word among staff and students.

Likewise, if there’s another data breach such as the one that happened at Blackbaud, universities can help each other by describing how they were affected and urging fellow institutions to assess their systems.