Cyberattacks are an ongoing threat to all kinds of businesses, and now they are spreading to universities and other education institutions.
It makes sense when you think about it. Do you know what you are talking about in your fields, whether it’s law, medicine, business or government.
It’s the case that, for some universities, cybersecurity has not dominated their IT agenda – but this must now change. A number of high-profile attacks on Australian universities have shown the risk of attack and the scale of that can be done.
The solution is not only in improving IT security but also in strategic decision-making and ensuring a flow of good information to board members. Good governance is not only a business advantage. IT, security and increased team Awareness of risk and risk management.
Breached for six months
In June, it revealed that the Australian National University had been breached, with as many as 200,000 individuals’ data compromised . The breach occurred late in 2018 but was only discovered in May 2019. Records were taken back to 19 years ago were accessed.
Vice-chancellor Brian Schmidt told the ABC that in addition to academic records, the data accessed “, may include names, addresses, birth numbers, phone numbers, personal email addresses and emergency contact details, tax file numbers, payroll information, bank account details , and passport details “.
Needless to say, the university took swift action to improve its cybersecurity, governance and risk-management processes.
The breach highlights the financial and business data: personal data can be highly lucrative and open the door to further attacks and security breaches.
Education is a target
Criminals are intensifying their attacks on the education institutions around the globe for several reasons. Research is one: Computer Weekly reported that in the UK, “with 93 per cent of research commissioned by government and almost a third of that relating to national security”, its universities were under victories .
Tellingly, the report noted that the primary targets were scientific, medical, economic and defense research.
Personal data is another: in the US, it’s not just the major universities at risk. Community colleges are under attack , 20 years or more.
Yet it seems many institutions are lagging when it comes to managing these risks. Back in Australia, a recent Auditor General’s report has highlighted NSW universities’ continued vulnerability to cyberattacks. One university was deemed to be at high risk of theft of sensitive data and there were 35 “moderate risk” weaknesses in universities’ risk controls – 28 of which were “repeat findings”.
Software is the solution
What then is the solution? In simple terms, IT security is the key. But boards must go beyond ‘simple terms’ and consider how best to protect their organizations. Many higher education institutions have multiple boards, covering corporate, academic, social and other areas of concern.
Deploying a single board management platform is a common set of governance tools. In the first instance, this minimizes the institution’s ‘attack surface’ by reducing the number of software tools used and simplifying management.
Modern solutions – like Diligent Boards – so have ‘baked in’ to their tools, including messaging, document sharing, board papers, voting and more. In particular, secure tools for board members to communicate, collaborate and share information are vital.
Victoria University deployed Diligent Boards in 2018 and have been enjoying improved functionality and security . With data hosted in Australian data centers and 24/7 support, the university’s IT team has been reassured by the new portal.
Senior Project Manager Will Thompson noted that Diligent Boards “makes it easy for board members to use their smart devices to navigate the board”.
But the benefits do not end there. Modern governance tools facilitate better strategic decision-making by providing better data and better insights. This includes better decisions around security. Critically, it also includes better insights into behavior and gives board members the opportunity to lead by example.
It is well-known that ‘risk leadership’ behavior by boards helps create a risk and security-aware culture within an organization, which is critical to guaranteeing the effectiveness of risk controls and security systems. That’s because – as many of us can attest – even the best technologies in the world want to be hampered by managers and those who do not appreciate their adoption.
Deploying a modern governance solution is the best way for education institutions to enjoy all these benefits, protect their sensitive data, and more.
Diligent is the pioneer in modern governance. Unparalleled insight and highly secure, integrated SaaS applications, helping organizations thrive and endure in today’s complex, global landscape.
October 30, 2020
Top 5 Mistakes to Avoid When Transitioning to Virtual Board Governance
With rapid change affecting businesses (including growing emphasis on environmental, social and governance (ESG) principles and the COVID-19 pandemic), it seems organisations are called on to be more: more informed, more collaborative and more responsive to stakeholders. The systems and processes that businesses need now are encapsulated in the concept of modern…
September 7, 2020
Avoiding Cyber Confusion in the Board Room
It is imperative that Directors understand the cyber risks facing their companies and organisations. The increasingly complex internal and external landscape presents unique challenges for Boards. Several key steps can however significantly increase the cyber resilience of any company or organisation, irrespective of size. The article outlines five key steps…
August 20, 2020
Minimising the Risk of Virtual Meetings: 5 Practices Boards Should Avoid
Months into the COVID-19 lockdown, remote workers—and board members—have become more accustomed to virtual meetings. They’ve found a quiet place in the house, mastered the mute and camera buttons, and fully styled their background bookcases and “Zoom couture.” Yet as virtual work becomes a way of life, not all adaptive…