Protecting Universities from Cyber Attacks


Cyber security has long been a challenge for universities, and demonstrating that you take it seriously is now a prerequisite of grant funding and government contract applications. The introduction of the EU General Data Protection Regulation (GDPR) has increased the importance of cyber security and data protection. However, many universities continue to leave themselves vulnerable, and the number of recorded cyber attacks has doubled in recent years.

Cyber criminals often use social engineering tricks to access and compromise systems, manipulating people into opening scam emails, downloading malicious files or visiting fraudulent websites. The impact can be catastrophic, but risks can be vastly reduced through staff and student awareness training.

The government is working to reduce the level of cyber security risk along its supply chain and expects organisations applying for government contracts – including universities applying for research grants – to hold Cyber Essentials Plus certification.

Kieren Lovell, head of the University of Cambridge’s computer emergency response team (CERT), explains how easy it is to be duped by cyber criminals:

“At the university, we frequently see criminal hackers intercepting insecure emails before the recipient receives them. It is not unusual for people to receive attachments that have been altered, including payment details on PDF invoices, so that monies end up in the hacker’s account. Another trick is to send an email pretending to be a student asking for advice. The reader is misled into opening an attached CV or file which turns out to be malware. These criminals use nothing but trust to get into our systems and it is quick work for them.”

1. Protecting what you have

GDPR training and staff awareness

Our GDPR training courses offer a structured learning path to equip your staff with the specialist knowledge and skills needed to deliver GDPR compliance within your university. Our training courses are available in a range of different formats such as online courses, distance learning, or classroom options, to suit your needs.


Security testing

Whether it be testing your applications, networks, employees or your team, we offer a range of services that will arm you with new ways to strengthen your university's security posture against cyber threats, as well as meet the requirements of the latest standards and regulations.


Data protection impact assessments (DPIA)

This one-day workshop covers when to conduct a DPIA under the GDPR, and uses a real-life case study to demonstrate best practices and methodologies, including the application of a DPIA tool to help assess and address privacy risks.


PCI DSS (Payment Card Industry Data Security Standard)

The PCI DSS (Payment Card Industry Data Security Standard) is administered by the PCI SSC (Security Standards Council) to decrease payment card fraud across the Internet and increase payment card data security. It is common practice for a university to accept, store, transmit or process cardholder data, meaning you must comply with the PCI DSS.


2. Protecting what you know

Penetration testing

Penetration testing is a systematic process of probing for vulnerabilities within your applications and networks. It is essentially a controlled form of hacking in which the ‘attackers’ operate on your behalf to find the sorts of weaknesses that criminals exploit.


E-learning training for staff

E-learning is a cost-effective, flexible and efficient means of delivering awareness training to your staff. Our courses cover topics such as PCI DSS, information security and GDPR in less than an hour.


Consultancy services

We offer leading global consultancy across a variety of subjects, including IT governance, risk management and compliance solutions. We advise global businesses on their most critical issues and present cost-saving and risk-reducing solutions based on international best practice and frameworks.


3. Demonstrating your protections

Cyber Essentials

The Cyber Essentials scheme is a world-leading, cost-effective assurance mechanism for companies of all sizes to help demonstrate to customers and other stakeholders that the most important cyber security controls have been implemented. The scheme provides five security controls that, according to the UK government, could prevent “around 80% of cyber attacks”.


ISO 27001 certification

ISO/IEC 27001:2013 (ISO 27001) is the international standard that describes the requirements for an ISMS (information security management system). Achieving accredited certification to ISO 27001 provides an independent, expert assessment that information security is managed in line with international best practice and business objectives.

