Safeguarding our colleges from cyber threats is a matter of education

Investing in education and awareness for staff and students is a key tool in our fight against cyber attacks, explains Sharon Archer

Investing in education and awareness for staff and students is a key tool in our fight against cyber attacks, explains Sharon Archer

28 Feb 2023, 5:00

Research published by the DfE found that 39 percent of UK businesses had identified breaches or cyberattacks in the past 12 months. However, when it came to education and training institutions the numbers were much higher: 70 per cent for secondary schools, 88 per cent of further education colleges and 92 per cent of higher education institutions have fallen prey to such attacks. 

Colleges and other FE providers store large amounts of sensitive data, including student and staff information, which makes them prime targets for cyber criminals. If left unprotected, this data could be exploited for financial gain or other malicious purposes.

Cyber criminals use social engineering to convince people to open attachments or click on links. No matter what technology you put in place, some users will still fall victim. In essence, this means that the biggest cyber security threat within any organisation is its own staff.

Colleges and training providers often invest in the latest technology to combat cyber criminals, but at Kirklees College, we felt that we needed to go further and significantly reduce the chance of falling victim to a breach.

We decided to offer cyber security continuous professional development (CPD) to all staff and cyber security qualifications to our adult students, which we started to roll out in June 2022. 

It’s important to recognise that cyber security is not just a concern for the IT department, but for everyone within the college; from 16- to 18-year-old students who spend a significant amount of time online to adult students who may be less tech-savvy, it is essential to educate and prepare our community for the risks they face.

We chose Gateway Qualifications because their cyber security qualifications are fully resourced, which is important: lecturers and support staff are often time-poor and cyber security may not be their specialist subject.

Students were encouraged to take up the qualification and the feedback has been overwhelmingly positive. Many have found that their brand-new knowledge has been implementable in both their personal and professional lives, such as recognising potential bank fraud and spotting suspicious email addresses.

The biggest cyber threat to any organisation is its own staff

Every day, we are exposed to phishing scams, identity theft, unsecured Wi-Fi networks, unsafe devices, viruses, unsecured websites and social engineering, as well as the challenges of cyberbullying and online radicalisation. Learners and staff need support in navigating these risks.

By implementing cyber security training and qualifications for both staff and students, we are equipping our community with the necessary skills and knowledge to stay safe online and I would recommend this to any organisation.

While I appreciate that not every organisation will be able to implement training across the board like we have, it’s important to recognise that as the world becomes increasingly digital with more people working from home and more sensitive services like banking and health going online, individuals need to be proactive in protecting themselves from cyber threats. Education is central to building cyber security best practices.

There are numerous resources available to individuals looking to learn more about cyber security. The National Cyber Security Centre (NCSC) offers a wealth of resources and advice. Their Cyber Aware campaign is a great starting point for individuals looking to improve their cyber security knowledge. 

Having said that, cyber security should be a priority for all training and education institutions and I am proud to be a part of a college that takes it seriously. 

Recently, we worked closely with Ofsted inspectors in a consultancy capacity, and they were very interested in our cyber security practices. They were reflective and highly praised our efforts in the area. It was a great validation of the hard work we have done to prioritise the safety and security of our students and staff.

Education is our best bet when it comes to cyber security. As educators, it is not enough to rely solely on technology to protect us. By investing more in the thing we do best, we can bring education to bear on this growing threat. Cyber security training is key to empowering our students and staff to take proactive steps to protect themselves, their data and our organisations.  

Your thoughts

Leave a Reply

Your email address will not be published. Required fields are marked *

One comment

  1. James

    The article says 39% of all business but 70% (schools), 88% (FE) and 92% (HE) are affected.

    There are probably multiple things going on here, such as:

    Private businesses may well under report as their reputation and bottom line will be under threat. By their very nature they are going to be less transparent. Whereas educational institutions are more likely to report every threat as public funds are at stake and they can use it in the debate around underfunding.

    The networks are different. The Janet network is used widely in education. Is this less secure than other networks? or perhaps just an easy way for cyber gangsters to identify the education sector and target?

    If the sector is being deliberately targeted, beyond it just being an easy target, then there is an apparent lack of appetite to investigate who or why…

    Lastly, if all of the above is rubbish and it’s a level playing field, then stating that “the biggest cyber threat to any organisation is its own staff” is important. If the sector is has more than double the instance of breaches, what does that say about those working in it, those using the systems or the level of competence in keeping systems secure.

    Given all the above, it is perhaps also valid to question how effective low level training is. It’s been a common area of training and CPD for at least a decade, yet the figures are the figures… Could they be any worse?