Sponsored post

How cloud migration can increase colleges’ data security: protecting the people that matter most


Recent cyber-attacks on colleges have resulted in the loss of important data, putting students and staff at risk. Moving to secure cloud systems provides the security needed to give colleges peace of mind and save money says Marcus Blackburn, Operations Director at Civica Education.

In recent years, we’ve seen a spate of high-profile cyber-attacks on colleges and further education (FE) institutions. It’s a common tactic for cyber criminals to use ransomware attacks on their targets. Usually, attackers work their way to gaining access to a college’s on-site systems and delete or encrypt files and data. They’ll then issue a ransom note demanding payment in return for release of the stolen data. 

Further education, along with the wider education sector, has seen an increase in ransomware attacks over recent years. Organisations which use a range of different systems and which have large number of people accessing their network should ensure they have a robust cyber security strategy in place to mitigate risks. And with the National Cyber Security Centre (NCSC) indicating that 88% of FE colleges had identified and reported a breach or attack in the last year, it’s not a threat that is going away any time soon.

Once attacked, colleges found themselves immediately unable to deliver services, make or receive payments or even access records. It’s hard to exaggerate the scale and effect of these incidents. Impacts are mainly felt on three levels: operationally, as colleges struggle to get back up and running; financially, as revenues are lost and remediation costs pile up; and reputationally, as people question the security of the data that’s held about them.

1. The operational impact

In many cases, it has taken colleges weeks, or even months, to fully recover from a cyber-attack. Restoring a compromised IT estate can be exceptionally challenging, time-consuming, and stressful for everyone. Teachers, administrators, managers and students can be affected by operational disruption, as well as key stakeholders like suppliers and employers.

For the short-term, the safest course of action is to shut down all IT systems hosted internally, which can include email and virtual learning environments. There have been instances where college enrolments and online classes were cancelled until further notice and A-level result announcements were delayed. To get back up and running operationally, IT teams needed to work overtime, often employing external consultants to help with the workload.

2. The financial impact

For many IT departments, safeguarding infrastructure poses a significant challenge to the budget in many ways. From Jisc CSIRT’s work in helping HE institutions and FES providers recover from ransomware incidents, they are aware of impact costs exceeding £2m. That’s precious funds that could be used elsewhere to enhance the learning and infrastructure of the college.

Recovery costs can also extend to hardware that’s compromised during attacks – from on-site servers to the devices used by individual staff. These may need replacing and reinstalling, costing thousands of pounds.

3. The reputational impact

You don’t have to do extensive research to discover high-profile reports of colleges and groups who have suffered from cyber-attacks. The negative headlines can be damaging for colleges who often compete for student admissions.

What can colleges and FE institutions do to tighten security their IT estate and operations?

Security isn’t optional

Moving to cloud solutions means colleges no longer need to choose between ‘more security’ and ‘better usability’. Many colleges moving to the cloud want to integrate and streamline their processes and operate more efficiently, enabling college providers to ease burdensome administrative tasks such as HR, student admissions, timetabling and records management. Staff members and students can securely access, amend and update information from anywhere. There are also scalability benefits which are not easily available on-premises without in-house system development teams.

Ultimately, colleges and FE groups are tasked with providing high-quality education for students. Resource should rarely be focused on updating and maintaining IT services. By choosing a cloud-operated supplier, who is responsible for aspects such as security and upgrades, colleges can focus on improving the student experience, driving retention and attracting new students. Colleges can then shift their focus to managing operational costs and forecasting budgets more effectively, rather than on data and software security.

Every cloud has a silver lining

It’s not just about security. Today, all colleges are facing significant challenges around budgets, resources, and compliance. They’re faced with the classic ‘do more with less’ conundrum – deliver a better (mostly digital) service but with less money and fewer people. Migrating to the cloud is an opportunity to improve student enrolment and retention, internal and external communications, as well as refocus energies on the purpose of further education – teaching, learning and research.

Cloud MIS can tackle these challenges from several angles. Their self-serve options can cut workloads for internal teams. There’s no IT estate to manage and update, because access is via URL on any connected device. Reporting is easier and more powerful. And importantly, costs are predictable.

Cost savings offer another compelling incentive for colleges to adopt a cloud-optimised environment. By only paying for the services that are used, the cloud offers significant opportunities to accelerate the return on investment – as well as eliminating the threat of costly and disruptive workload from system failures of cyberattacks.

Do more with less. Civica can help protect your data from cybercrime

Civica REMS cloud system has the scale and focused expertise that’s needed to combat cyber threats. It’s hosted in highly secure data centres, with its security capabilities constantly updating to reflect the changing threat landscape. Colleges and FE groups can manage and support learners with no need to secure on-premises hardware and software.

As cyberattacks continue to increase in our ever-more digital world, taking action to move more systems to the secure cloud could be the answer, bringing peace of mind and cost-effective solutions to already money and time-strapped colleges across the UK.

Get in touch

Discover more: civica.com/rems

Start the conversation: educationsuite@civica.co.uk

More Supplements

The Schools Week & FE Week Festive Advent Calendar

Twelve days of festive fun with multiple competitions, prizes and fundraising

FE Week Reporter
FE Week Reporter

Awarding giants silent as bids open to run ‘Gen 2’ T Levels

A process to 'refresh' 7 existing T Levels launched last week

Billy Camden
Billy Camden

ETF pledges whole-sector movement to professionalise FE staff

A new strategy from the FE improvement body commits to better serve independent and adult learning organisations

Shane Chowen
Shane Chowen

Your thoughts

Leave a Reply

Your email address will not be published. Required fields are marked *


  1. My FE institution was hit by ransomware back in November 22, and was pretty much knocked out of commission for two months. Apparently all of their phone lines ran through Microsoft Teams – so they couldn’t even make phone calls. And tutors couldn’t access their accounts, so none of them were able to tell us what was going on.

    It’s been five months now, but no word from the college if any of our data were compromised.

  2. Given the recent lockout of Western Digital Cloud services, Cloud data storage has its own issues to navigate.

    All organisations should be following the rule of 3-2-1 for backing up vital data, keeping two copies on site and one offsite. When I hear of institutions falling victim to ransomware I know someone wasn’t proactive when budgeting the IT department.

    • It was a disaster. From what I understand they had to “isolate their systems” or shut everything down. No idea what happened behind the scenes to get everything back up and running.

      But it shows the problem when every single thing is digitised – and you’re locked out to the point you can’t even phone or email your students for two months.

      We didn’t even know what happened when we all logged on for our lesson and there was nothing…one student saw a notice on a temporary website and posted it in our Google Classroom.

      On the bright side – they managed to sort it and get everything online.