The National Cyber Security Centre has raised an alert to UK universities and colleges following a spike in cyber-attacks on educational institutions. Among others, Newcastle University and Northumbria have both been targeted by cyber-attacks this month.
We take these threats very seriously and ask that everyone remain aware that criminal and malicious cyber-activity continues to be a concern - often exploiting the on-going changes and uncertainties of the Covid pandemic.
What are we doing?
Following consultation with the NCSC (and fully supported by our own Cyber Security Centre) the University has updated its own risk register on cyber attacks.
We are actively working to provide regular information and guidance to staff and continuing our programme of practical changes to keep our network and community safe:
Information and guidance
To ensure we are ready for the new term, working in challenging circumstances, we are providing clear guidance on the changes taking place in our practical security programme. To ensure we protect our network going forward, there will be three options to access University data - three ways to connect to our systems securely:
- a University-owned and managed Windows 10 device (keeping a regular connection with the VPN)
- a University-owned but self-managed device, which must be enrolled in the Device Security System (DSS) to ensure it meets security requirements. We are enrolling Windows devices now, Macs next, then Linux.
- a privately-owned device using the Workspace virtual desktop - it's browser-based and will run on any platform - including Mac and Linux
Warwick Cyber Security Centre Expert comment:
“Attackers put far more effort than might be expected into penetrating systems. These targeted attacks are harder to spot within the ever-present background noise of opportunistic and untargeted malicious activity. The majority of the low-level, mass attacks together with the harm caused by well-intentioned but misguided people within the organisation, who misconfigure software or do other things, not out of mischief but by mistake, can be countered by good cyber hygiene. That is what we mostly promote.
“For the higher-end attackers, we need to follow expert guidance and make things hard for them in the hope that they will go somewhere else or that we will spot them and evict them. We are a high-value target because of the amount of valuable information we have and because universities are seen as easy targets, which they often are."
You can read further comment on WonkHE
Security & Information Management is Everyone's Responsibility
Who needs to know this?
This information concerns us all. If you use a Warwick staff card, a Warwick email address, access one of our staff or student record systems or share your Warwick work with colleagues within or beyond the University, you are involved in activities that must be kept secure.
Data Protection Officerdpo@warwick.ac.uk
The University of Warwick
Coventry CV4 8UW