IT Security Project: stronger cyber security helps us all
Tuesday, 06 February 2018
Colleagues,
Today is Safer Internet Day, a day marked internationally to promote the safe and positive use of digital technology among young people.
I wanted to use the opportunity to highlight a project we have embarked on to make the use of digital technology at the University safe and secure for all our staff and students.
The IT Security Project was established against a background of growing concern and awareness at a national level about:
- the increasing frequency and severity of cyber security threats to organisations and individuals,
- the importance of protecting personal and other sensitive data,
- the cost and disruption of dealing with data breaches in terms of business continuity and lost revenue.
The Project addresses the significant risks we face as a higher education institution in terms of:
- reputational damage if sensitive data or intellectual property is taken or disclosed to unauthorised third parties,
- the financial cost of data breaches in terms of potential fines and major service disruption,
- the particular sensitivity of much of the data we hold on students, staff and research projects,
- the potential loss of commercial income from external customers who increasingly expect us to hold recognised accreditation in cyber security,
- non-compliance with forthcoming General Data Protection Regulations (GDPR).
Why a project, and why now?
The University has done much to protect itself against these risks in recent years, but the increasing threats, together with new regulatory requirements, led us to re-assess the risks.
We are dedicating significant priority and resource to strengthen our IT security and to put in place measures, policies and processes which will help us manage our software and information better as an institution.
The University experienced two significant IT security breaches in 2016/17: one affecting part of a central service function and the other affecting one of our academic departments. Although we were fortunate not to have lost personal data in either case (we obtained specialist forensic expertise to verify this), these incidents served to highlight some of the particular vulnerabilities we face as an open, collaborative HE institution.
More recently we have experienced significant growth in the number of “malware” attacks delivered via rogue email attachments and links, a problem which requires us all to be vigilant and aware of these risks.
How will the project affect me?
Although many of the protective measures we need to take will not noticeably affect individuals directly, some measures will require more proactive management of software updates on many of our devices and, for example, more explicit authorisation of the access privileges needed to install software.
More generally, better management of our cyber security is something which requires everyone to take special care of data, passwords, IT equipment and the use of facilities such as email and data storage.
Perhaps the greatest challenge facing us, therefore, is the need for us all to adopt more secure ways of working both now and in the future, and to be aware of the particular risks we face.
Achieving the right balance between long-established degrees of local freedom and local decisions about software use, on the one hand, and the growing need for tighter management of our systems and software, on the other, is at the heart of this Project. Adopting a risk-based approach to our decision making is essential.
The IT Security Project will span this year and the 2018/19 academic year. We will be producing regular updates as the project progresses, so please watch out for more information.
John Leary
Director of IT