How cloud migration can increase colleges’ data security: protecting the people that matter most


Recent cyber-attacks on colleges have resulted in the loss of important data, putting students and staff at risk. Moving to secure cloud systems provides the security needed to give colleges peace of mind and save money says Marcus Blackburn, Operations Director at Civica Education.

In recent years, we’ve seen a spate of high-profile cyber-attacks on colleges and further education (FE) institutions. It’s a common tactic for cyber criminals to use ransomware attacks on their targets. Usually, attackers work their way to gaining access to a college’s on-site systems and delete or encrypt files and data. They’ll then issue a ransom note demanding payment in return for release of the stolen data. 

Further education, along with the wider education sector, has seen an increase in ransomware attacks over recent years. Organisations which use a range of different systems and which have large number of people accessing their network should ensure they have a robust cyber security strategy in place to mitigate risks. And with the National Cyber Security Centre (NCSC) indicating that 88% of FE colleges had identified and reported a breach or attack in the last year, it’s not a threat that is going away any time soon.

Once attacked, colleges found themselves immediately unable to deliver services, make or receive payments or even access records. It’s hard to exaggerate the scale and effect of these incidents. Impacts are mainly felt on three levels: operationally, as colleges struggle to get back up and running; financially, as revenues are lost and remediation costs pile up; and reputationally, as people question the security of the data that’s held about them.

1. The operational impact

In many cases, it has taken colleges weeks, or even months, to fully recover from a cyber-attack. Restoring a compromised IT estate can be exceptionally challenging, time-consuming, and stressful for everyone. Teachers, administrators, managers and students can be affected by operational disruption, as well as key stakeholders like suppliers and employers.

For the short-term, the safest course of action is to shut down all IT systems hosted internally, which can include email and virtual learning environments. There have been instances where college enrolments and online classes were cancelled until further notice and A-level result announcements were delayed. To get back up and running operationally, IT teams needed to work overtime, often employing external consultants to help with the workload.

2. The financial impact

For many IT departments, safeguarding infrastructure poses a significant challenge to the budget in many ways. From Jisc CSIRT’s work in helping HE institutions and FES providers recover from ransomware incidents, they are aware of impact costs exceeding £2m. That’s precious funds that could be used elsewhere to enhance the learning and infrastructure of the college.

Recovery costs can also extend to hardware that’s compromised during attacks – from on-site servers to the devices used by individual staff. These may need replacing and reinstalling, costing thousands of pounds.

3. The reputational impact

You don’t have to do extensive research to discover high-profile reports of colleges and groups who have suffered from cyber-attacks. The negative headlines can be damaging for colleges who often compete for student admissions.

What can colleges and FE institutions do to tighten security their IT estate and operations?

Security isn’t optional

Moving to cloud solutions means colleges no longer need to choose between ‘more security’ and ‘better usability’. Many colleges moving to the cloud want to integrate and streamline their processes and operate more efficiently, enabling college providers to ease burdensome administrative tasks such as HR, student admissions, timetabling and records management. Staff members and students can securely access, amend and update information from anywhere. There are also scalability benefits which are not easily available on-premises without in-house system development teams.

Ultimately, colleges and FE groups are tasked with providing high-quality education for students. Resource should rarely be focused on updating and maintaining IT services. By choosing a cloud-operated supplier, who is responsible for aspects such as security and upgrades, colleges can focus on improving the student experience, driving retention and attracting new students. Colleges can then shift their focus to managing operational costs and forecasting budgets more effectively, rather than on data and software security.

Every cloud has a silver lining

It’s not just about security. Today, all colleges are facing significant challenges around budgets, resources, and compliance. They’re faced with the classic ‘do more with less’ conundrum – deliver a better (mostly digital) service but with less money and fewer people. Migrating to the cloud is an opportunity to improve student enrolment and retention, internal and external communications, as well as refocus energies on the purpose of further education – teaching, learning and research.

Cloud MIS can tackle these challenges from several angles. Their self-serve options can cut workloads for internal teams. There’s no IT estate to manage and update, because access is via URL on any connected device. Reporting is easier and more powerful. And importantly, costs are predictable.

Cost savings offer another compelling incentive for colleges to adopt a cloud-optimised environment. By only paying for the services that are used, the cloud offers significant opportunities to accelerate the return on investment – as well as eliminating the threat of costly and disruptive workload from system failures of cyberattacks.

Do more with less. Civica can help protect your data from cybercrime

Civica REMS cloud system has the scale and focused expertise that’s needed to combat cyber threats. It’s hosted in highly secure data centres, with its security capabilities constantly updating to reflect the changing threat landscape. Colleges and FE groups can manage and support learners with no need to secure on-premises hardware and software.

As cyberattacks continue to increase in our ever-more digital world, taking action to move more systems to the secure cloud could be the answer, bringing peace of mind and cost-effective solutions to already money and time-strapped colleges across the UK.

Get in touch

Discover more:

Start the conversation:

More from this theme

Sponsored post

Why we’re backing our UK skills ‘Olympians’ (and why you should too)

This August, teams from over 200 nations will gather to compete in the sticky heat of the Paris summer...

Sponsored post

Is your organisation prepared for a major incident?

We live in an unpredictable world where an unforeseen incident or environmental event could disrupt a Further Education (FE)...

Sponsored post

A new chapter in education protection!

Gallagher is a specialist in the Further Education sector, working with over 75% of Further Education colleges in the...

Sponsored post

Pearson is planting the seed for sustainability talent with new HTQ

Sustainability is rapidly becoming a key organisational goal for many businesses looking to make a difference in society, the...

Sponsored post

Curriculum planning to meet skills needs

In recent months, the UK Government made a big push towards matching colleges’ provision with that of the Local...

Code Institute
Sponsored post

Could you be the next NCG Leader?

I am extremely proud to lead NCG, and right now we have five rare and exciting opportunities to join...


Your thoughts

Leave a Reply

Your email address will not be published. Required fields are marked *


  1. My FE institution was hit by ransomware back in November 22, and was pretty much knocked out of commission for two months. Apparently all of their phone lines ran through Microsoft Teams – so they couldn’t even make phone calls. And tutors couldn’t access their accounts, so none of them were able to tell us what was going on.

    It’s been five months now, but no word from the college if any of our data were compromised.

  2. Given the recent lockout of Western Digital Cloud services, Cloud data storage has its own issues to navigate.

    All organisations should be following the rule of 3-2-1 for backing up vital data, keeping two copies on site and one offsite. When I hear of institutions falling victim to ransomware I know someone wasn’t proactive when budgeting the IT department.

    • It was a disaster. From what I understand they had to “isolate their systems” or shut everything down. No idea what happened behind the scenes to get everything back up and running.

      But it shows the problem when every single thing is digitised – and you’re locked out to the point you can’t even phone or email your students for two months.

      We didn’t even know what happened when we all logged on for our lesson and there was nothing…one student saw a notice on a temporary website and posted it in our Google Classroom.

      On the bright side – they managed to sort it and get everything online.