IT response to JISC article regarding University cyber security

As colleagues maybe aware there have been a few articles on prominent websites indicating that the University sector is particularly at risk from cyber-attacks:

Firstly, IT would like to clarify that Reading has not taken part in any ethical hacking exercise. The BBC article suggested that all Universities had but Jisc have since clarified that it was only Universities who currently consume that service and with their prior knowledge and agreement.

IT would also like to take this opportunity to reassure colleagues that although the threat is ever present we are taking an increasingly robust stance on cyber security. A few examples of this are:

  • We block about 85% of e-mail being sent to University of Reading, the messages being blocked comprise of spam, phishing, extortion e-mails.
  • As part of the IT Security Project we have taken steps to reduce the threat and impact of compromise, such as removing administrative rights on PCs and improving our process for updating PCs and servers.
  • We provide staff with information on how to be aware and stay safe online: and in addition to this IT has signed up to a simulated phishing and awareness training service. This will help IT evaluate how staff currently react to phishing e-mails and to identify areas where we can make improvements.
  • Cyber Essentials certification has been achieved for the Henley Business School and for the Agricultural & Food Investigation Team (AFIT) in Agriculture. Cyber Essentials is a recognised cyber security qualification backed by the government to help organisations protect themselves against common online threats.

The article is helpful in that it raises awareness of the challenges that face the sector and reinforce the need for investments in our security. Whilst we cannot protect against everything, we believe that the iterative improvements we are making are working towards that ultimate goal but a lot more still needs doing.

If you have any particular areas of concern then these can be raised through the IT Service Desk or through your IT Business Partner.