I am hearing increasing reports of UK academic institutions suffering from ramsomware attacks. These are now happening much more frequently than in the past and the consequences, in some cases at least, can be devastating. It is no longer a question of if you will be attacked but when you will be attacked and how serious the impact will be.
Here are some things that you should be thinking about:
If you are still hosting your email on-premises, move to the cloud as soon as possible, taking advantage of Office 365 or Google Workspace for Education.
Once in the cloud, ensure that you take steps to protect your Microsoft or Google resources from attack as far as possible. In particular, enable MFA for all admin and end-user logins.
Move as many other services as possible to cloud infrastructure or adopt ‘aaS’ equivalents of applications currently being run on-premises. In all cases, make sure that you configure your cloud resources as securely as possible.
Whilst cloud isn’t necessarily secure by default, the levels of investment in cyber security that cloud providers are able to make coupled with a clear understanding of the shared responsibility model afford a big advantage over on-premises deployments. By adopting least privilege approaches and defense in depth you will be taking significant steps towards protecting your resources. Use tools such as the CIS Benchmarks as a guide for securing your cloud environments.
For any services that have to be run on-premises, ensure that you have reliable and regular backups in place, preferably stored off-site or in the cloud and accessed by the least number of people possible.
Invest in cyber awareness and training for all members of your institution. Find ways to continually remind them that their use of personal, educational and work-related IT infrastructure is liable to be under constant threat and that attack vectors may be social as well as technical.
Ensure that you are taking full advantage of all the cyber security offerings from Jisc. Most of these are freely available as part of your Jisc subscription. Contact your Jisc account manager for more information. The Jisc cloud solutions and cyber teams can advise about all these options. If you are seeing attacks, please report them to the Jisc incident response team.
We are continuing to see a rise in the number of cyber attacks and we are continuing to see those attacks working. Threat levels are extremely high currently. You need to give cyber security your fullest attention and you need to do that throughout your institution – not just your senior management, not just your governance team, not just your cyber security experts – everyone. You can no longer afford to treat cyber security as the domain of a few experts within your organisation – it needs to be on everyone’s agenda.
