Last week I attended my very first Security Conference organised by Jisc in the UK. As a communications professional in R&E networking I need to get a better grasp of this relevant topic, learn about the threats faced by our sector and be able to write about it with confidence and competence.
Travelling by train with two technical colleagues enabled me to pick their brains during our journey and get into the cyber security groove. The conference surpassed my expectations, the organisation was smooth and professional, the programme was balanced and stimulating, the keynotes were enlightening: I was hooked.
‘Treat your data like treasure’ was the very powerful opening remark, yes we need to learn that our digital life and our online data are precious and should be safeguarded at all times. Higher Education (HE), Further Education (FE) and Research organisations need to ask themselves: do their users really understand what they need to do to protect their data?
The first eye-opener was the keynote by Bernadette John, an experienced consultant and tutor in Digital Professionalism, a subject that covers the competence and values expected of a professional when engaged in social and digital communications. Bernadette talked about the risks deriving from the unthinking use of everyday tech, from Alexa to Whatsapp, and the severe consequences this can bring – for staff, students and their institutions. ‘People are sleepwalking into a surveillance society, they’re not aware of what their obligations are with regards to the tech in their pockets, they’re just using it for work without mindfully considering what the risks and benefits are and making a balanced and informed decision about it.’ Students need to think hard about their digital footprint and remember that they will be held accountable for their online behaviour when looking for jobs or applying for work and student VISAs to certain countries.
A representative from the Counter Terrorism Internet Referral Unit (CTIRU) from the Metropolitan Police Service told us what is being done to prevent terrorist use of the internet and how dangerous digital content has been used by opposing extremist ideologies.
Two very engaging and dynamic professors from Suffolk and Plymoth Universities talked very passionately about the urgency for HE to deal with online abuse to safeguard students; they touched on the unhelpful assumption that digital natives – people born or brought up during the age of digital technology – are knowledgeable about national policies around online education, and also on the need to make students aware about the blurred lines between offensive and hate speech online. They also introduced the concepts of digital civility and digital well-being.
When the Development Manager from the Internet Watch Foundation stepped on the stage to talk about the organisation’s ultimate mission to eliminate child sexual abuse, illustrating the amazing work carried out by their dedicated analysts and their profound commitment, the room went quiet: the topic was close to everybody’s heart.
One of the highlights of the conference was for me the keynote on day two by Kieren Lovell, Head of CERT at TalTech University in Tallinn, Estonia, on the reality of cyber security. His very engaging talk started with a very powerful statement: “There’s no such thing as cyber security, just security – and it’s everybody’s problem.”
Kieren stressed the importance to share when things go wrong, to know the enemy and encouraged organisations to look at themselves before any threat does. There is a need for a different mindset, although compliance to ISO standards is necessary, it is not the ultimate solution. Cyber security is not an IT issue, it’s a people issue: human error remains a major problem and risk.
Finally I could not miss the talk by Abigal McAlpine – a PhD researcher in cyber security from the University of Huddersfield – on human-based cyber security research about children’s fingerprint on the web. Personal Identifiable Information (PII) is extremely valuable to Social Networking Services (SNS), it’s a commodity that helps organisations create targetable marketing personas. Minors do not understand the risks associated with social media use and parents enthusiastically ‘sharenting’ content online about their children are also some of the most common causes of online child data breaches .
Well, at the end of the conference my first immediate reaction was to go home, confiscate iPads and mobile phones from my kids and censor any social media activity, ok, it was an overreaction. So rather than rushing into such extreme decisions I just need to continue monitoring their screen time regularly, keep a close eye on their online activities and remind them about the dangers of online abuse.
Cyber security is about education and understanding and also about removing the stigma of being cyber crime victims, it’s about sharing when things go wrong and mistakes are made to prevent them from happening to others and creating a united front against the ever-growing, sophisticated and opportunistic perpetrators of this modern day threat.