Technology
campusreview.com.au
to result in serious harm, regardless of
whether the information breach was
deliberate and malicious, or merely
an accident.
The best approach for universities,
rather than report a data breach, is to
minimise the risk of a breach happening at
all. This can seem like an insurmountable
challenge given the potentially large
number of devices connecting to the
university’s network. These devices can
run on a variety of operating systems
and with varying degrees of built-in
security. When the devices are owned
and managed by the university, it can
be relatively easy to ensure they’re
fully secured. However, when it comes
to personal devices, it can be hard to
maintain control. And each of these
devices represents a potential entry point
to the university network for hackers.
Hackers may attack the network to
steal information, change information
such as grades, sabotage classes, courses
or the entire institution, or merely as
an unsanctioned academic exercise.
The potential rewards for a successful
attack are significant, making universities
very attractive targets.
It is essential that universities implement
enterprise-grade security measures to
protect themselves and their students
and staff. An effective solution requires
a combination of tools, res ources,
knowledge and culture. It’s not essential
to fix every potential vulnerability at once,
particularly if doing so would require
an impossibly large budget. However,
universities can start with the highest-
priority vulnerabilities and develop a plan
to close all the potential gaps over time.
To make the most of existing budgets
and avoid wasting resources in areas
that won’t deliver a strong return on
investment, universities should work with
a security partner that can conduct a
comprehensive security assessment and
help develop a strategic plan that takes
the university to an acceptable risk level as
soon as possible.
Universities can also take control of the
culture element of security by building
training and education into every IT-
related interaction. Formal and informal
security training can help university
stakeholders realise that they can play a
significant role in protecting themselves
and the university. Basic efforts such
as not clicking on links in unsolicited
emails, patching and updating all devices
promptly, and password-protecting mobile
devices are easy and cheap to implement,
and they go a long way towards keeping
the university network secure.
Reminding people that security is
everyone’s responsibility, plus gaining clear
visibility into the entire network, are crucial
to keep a university safe. ■
Hugo Hutchinson is Wavelink’s
national business development
manager for Fortinet.
SUBSCRIBE FOR LESS
THAN $2 A WEEK
THE LATEST NEWS AND RESOURCES FOR
HEALTH CARE PROFESSIONALS
Nursing Review is essential reading for
anyone involved in the healthcare sector in
Australia. It provides unrivalled coverage of
specialist topics from features and opinion
pieces, to international news and profiles.
• Latest news and resources for all health
care professionals
• Comprehensive coverage of a diversity
of topics
• Analysis of the major issues facing the
health sector as a whole
• Delivered free of charge
• 6 issues per year
• Only publication in the country dedicated
to reporting issues important to nurses
Please call 02 9936 8666 or email subs@apned.com.au to find out more.
23