Our Director of Innovation and Technology, Jots Sehmbi provides an update on how we’re standing up to cyber-crime and actions we can all take to protect the University.

Dear Colleagues,

Over the last few months the Higher Education sector has been increasingly targeted by cyber threats, with two recent prominent cyber-attacks widely reported in the media, impacting both Northumbria and Newcastle universities. In one case, this resulted in the complete cessation of university operations, with students being unable to register for the new academic year. These two cyber-attacks were “ransomware” attacks, which involve significant amounts of institutional data being held encrypted and held to “ransom” until a payment is made to cyber criminals to release the data.

As we all continue to work in an increasingly remote way across the University, the security and protection of the University’s information and data remains a key focus for ITS. Over the last six months, ITS has been enhancing the University’s defences by implementing technical security measures in order to protect the University against cyber-attacks. To ensure we are fully safeguarded against such attacks, we need your help.

The majority of successful cyber security incidents are triggered by inadvertent human actions, e.g. clicking on a malicious web link in an email that seems authentic, opening a file attachment that purports to be genuine, or providing your Essex username and password to a third party by accident.

Humans are the greatest first line of defence against potential cyber-attacks. Therefore, we will be launching a refreshed information and cyber security training and awareness campaign called Stand Up To Cyber Crime for the new academic year. This will include periodic refresher training for all staff, a new training programme for students, offering new guidance on how to remain safe when using the University’s IT services securely on and off campus.

From today all emails that come from outside the University which are delivered to your Essex email address will have a banner embedded, to remind staff that they should only open attachments from trusted and known sources, and to be extra vigilant with any embedded web links in emails. We are implementing this following the recommendations from the wider cyber security advisory bodies (NCSC and JISC) to the academic sector on protecting against cyber threats.

We can all take immediate simple steps to secure our information and data, such as not sharing your password with anyone, knowing how to spot a phishing email and understanding how to share information securely. Additionally, the Information Champions network has members in every department and section to advise and guide on the secure use of information and data.

Please remember ITS teams will never ask you to share your password via email (or other channels), so please be cautious if you ever receive any emails of this nature and contact the IT Helpdesk for advice.

If you have any questions or feedback, please feel free to contact me.

Jots Sehmbi

Director of Innovation and Technology