Protecting Universities from Cyber Attacks

Cyber security has long been a challenge for universities, and demonstrating that you take it seriously is now a prerequisite of grant funding and government contract applications. The introduction of the EU General Data Protection Regulation (GDPR) has increased the importance of cyber security and data protection. However, many universities continue to leave themselves vulnerable, and the number of recorded cyber attacks has doubled in recent years.

Cyber criminals often use social engineering tricks to access and compromise systems, manipulating people into opening scam emails, downloading malicious files or visiting fraudulent websites. The impact can be catastrophic, but risks can be vastly reduced through staff and student awareness training.

Kieren Lovell, head of the University of Cambridge’s computer emergency response team (CERT), explains how easy it is to be duped by cyber criminals:

“At the university, we frequently see criminal hackers intercepting insecure emails before the recipient receives them. It is not unusual for people to receive attachments that have been altered, including payment details on PDF invoices, so that monies end up in the hacker’s account. Another trick is to send an email pretending to be a student asking for advice. The reader is misled into opening an attached CV or file which turns out to be malware. These criminals use nothing but trust to get into our systems and it is quick work for them.”

The government is working to reduce the level of cyber security risk along its supply chain and expects organisations applying for government contracts – including universities applying for research grants – to hold Cyber Essentials Plus certification.

1. Protecting what you have

GDPR Training Courses

EU General Data Protection Regulation (GDPR) training and staff awareness

Our GDPR training courses offer a structured learning path to equip your staff with the specialist knowledge and skills needed to deliver GDPR compliance within your university. Our training courses are available in a range of different formats such as online courses, distance learning, or classroom options, to suit your needs.




Security testing

Whether it be testing your applications, networks, employees or your team, we offer a range of services that will arm you with new ways to strengthen your university's security posture against cyber threats, as well as meet the requirements of the latest standards and regulations.




Data protection impact assessment (DPIA) workshop

This one-day workshop covers when to conduct a DPIA under the GDPR, and uses a real-life case study to demonstrate best practices and methodologies, including the application of a DPIA tool to help assess and address privacy risks.




PCI DSS

PCI DSS (Payment Card Industry Data Security Standard)

The PCI DSS (Payment Card Industry Data Security Standard) is administered by the PCI SSC (Security Standards Council) to decrease payment card fraud across the Internet and increase payment card data security. It is common practice for a university to accept, store, transmit or process cardholder data, meaning you must comply with the PCI DSS.



2. Protecting what you know

Penetration testing

Penetration testing is a systematic process of probing for vulnerabilities within your applications and networks. It is essentially a controlled form of hacking in which the ‘attackers’ operate on your behalf to find the sorts of weaknesses that criminals exploit.




E-learning training

E-learning training for staff

E-learning is a cost-effective, flexible and efficient means of delivering awareness training to your staff. Our courses cover topics such as PCI DSS, information security and the GDPR in less than an hour.




Consultancy services

We offer leading global consultancy across a variety of subjects, including IT governance, risk management and compliance solutions. We advise global businesses on their most critical issues and present cost-saving and risk-reducing solutions based on international best practice and frameworks.



3. Demonstrating your protections

Cyber Essentials

The Cyber Essentials scheme is a world-leading, cost-effective assurance mechanism for companies of all sizes to help demonstrate to customers and other stakeholders that the most important cyber security controls have been implemented. The scheme provides five security controls that, according to the UK government, could prevent “around 80% of cyber attacks”.




ISO 27001 standard

ISO/IEC 27001:2013 (ISO 27001) is the international standard that describes the requirements for an ISMS (information security management system). Achieving accredited certification to ISO 27001 provides an independent, expert assessment that information security is managed in line with international best practice and business objectives.

