Tom Yazdi is Senior Consultant at Linstock Communications.
With a new intake of students to deal with, universities have been assembling and manipulating a huge amount of personal data to help things run smoothly in the first weeks of term. In light of recent news that 500 million Yahoo! users had their data exposed, the security of university information, and how to handle its potential loss, will be salient concern for technology teams and reputation managers alike.
I wonder how many comms teams found themselves dealing with cyber security issues during this period? Recent research finds that nearly two in three higher education institutions in the UK have faced a cyber-attack in the last twelve months. While many major institutions seem to recognise the threat a cyber-attack poses to their day-to-day operations, fewer seem ready to engage with the potential for damage to their reputation.
It’s easy to see why higher education institutions could find themselves in the firing line when it comes to cyber-attacks. One of the major targets for cyber criminals is data. Think back to dating website Ashley Madison, or more recently, the World Anti-Doping Agency. Hack into records, get hold of confidential data, and then release it to cause harm and embarrassment or demand a ransom in exchange for its safe return. It’s a common MO.
Universities hold masses of data. Student details, staff details, financial information… the list goes on. As big data is increasingly harnessed into learning analytics, monitoring student behaviour patterns to analyse learning techniques, and reduce drop-out rates, the volume of data being held is only likely to grow further. Like it or not, storing such data makes universities a target.
Imagine the scenario; a VC gets a call from their head of IT to inform them of a large breach. Student files, containing details of fees, home addresses, course marks, have been posted on an untraceable website. Colleagues are scrambling to get the site shut down. Then the phones start ringing off the hook. Confused students, angry parents, journalists… how to respond?
Put simply, cyber security could be the next big reputation threat to higher education institutions unless institutions factor it in to their communications and crisis communications strategy. Not just who says what, but the channels used and the tone adopted.
Each institution will have its own challenges in ensuring it is prepared. But these three principles should be at the heart of their plans.
No-one wants to dwell on emergency scenarios more than they have to. But universities can’t afford to let communications be an afterthought when it comes to cyber. The ultimate risk if they do is loss of reputation and, crucially, loss of trust.