Technology
campusreview.com.au
Don’t risk it
Why universities need to manage
IT security risks closely.
By Hugo Hutchinson
U
niversities have embraced
technology as teaching and
learning tools, while students
and staff alike typically rely on connected
devices for far more than just studying. As
university campuses serve as the hub of
student life, providing reliable, fast internet
access for students, staff and guests is
simply expected.
This abundance of connectivity helps
students and university employees feel
more connected to the university and
22
delivers better education outcomes, but
it also comes with risks. Often, these risks
are practically invisible because universities
don’t have adequate visibility into what’s
happening on their networks.
Universities face two key challenges
when it comes to cybersecurity. On the
one hand, the proliferation of connected
devices – some of which are owned
and managed by the university, while
others are owned by individuals – creates
a plethora of potential entry points for
cybercriminals and other malicious actors.
Securing these devices isn’t always high on
the university IT team’s list of priorities, but
it should be.
The second challenge is maintaining
information security. Universities gather
and store a lot of sensitive information
about students and staff. This can range
from credit card details, grades and
address information, to photographs of the
student and information about any health
issues they may face, including mental
health. The disclosure of this information
to malicious actors can result in identity
theft, financial losses and significant
emotional or psychological harm.
For example, fraudsters could use a
student’s information to apply for and
receive government benefits. This type
of identity crime is often only discovered
when the victim tries to legitimately apply
for these benefits only to find out that
someone is receiving them in their name.
The effects of identity theft can be
expensive and far-reaching, with many
victims thinking they’ve finally cleared
everything up, only to find yet another
complication down the track.
Even just having their grades or health
information exposed publicly could affect
a student’s ability to gain employment and
could lead to bullying and other negative
outcomes.
Universities must comply with the
government’s mandatory notifiable data
breach scheme, which came into effect
earlier this year. It requires organisations
to report data breaches if they’re likely