To mark European Cybersecurity Month, you may have noticed the instruction on the Staff Gateway to complete the Information Security and Data Privacy Awareness training course. Graham Ingram, Chief Information Security Officer, explains why taking this mandatory online training course every 12 months helps to ensure you protect yourself, your family and your work from cybercrime.
Graham, can we start by asking what brought you to Oxford?
I’ve been with the University for just under three years and it was my wife’s RAF posting to Brize Norton that sparked the move to Oxfordshire. Before then I worked as the Public Sector Cyber Security Advisor at Deloitte in London, and preceding that I was with the Royal Signals – one of the combat support arms of the British Army – for 20 years. All my roles have involved an element of security and protection; it is something I am passionate about.
Why is this online information security training so important? Why do we need to be so aware of cybersecurity?
Everyone who works, studies or carries out research at Oxford is part of the University’s cybersecurity effort; you are all responsible for how you use and store data and information. We must be aware of our legal obligations and be conscious of the harm that a data breach can cause to individuals, or the damage to an institution by a cyber-incident. It is an unfortunate fact of modern life that we need to learn how to protect ourselves, our colleagues and our research from the dangers of the increasingly connected world.
So what exactly are these dangers – what can happen?
As an example, this month a UK university has lost access to all digital services due to a suspected cyberattack. Investigations are still ongoing and (at the time of writing) they have been offline for a week. I fear that they have been infected by a type of malware which allows cybercriminals to encrypt files; this is an increasingly common event. If a ransom is paid then the attackers might unlock some of the data. The social media accounts of this most recent victim are full of anxious posts asking about the implications this will have on applications, interviews, open days, courses and exams. In short, it is a nightmare.
And then there’s the impact it can have on an individual. I think a good way to illustrate this is to direct you to a recent drama on iPlayer called The Trick. This tells the unfortunate and true story of how a university professor and his team had their research hacked by climate change deniers. The quality of the team’s research fell into disrepute and turned into the first big fake news story. In addition, the safety of the professor’s family was compromised, and he experienced an unwelcome level of personal stress.
We don’t want anyone else to suffer the same fate and the training helps to ensure that everyone at the University protects themselves.
What is our cybersecurity goal – where do we want to be?
Ultimately, we are aiming to ensure that we remain a world-class University with a complementary world-class cybersecurity capability, which readily enables us to win the best research contracts. Research sponsors and partners are all improving their security and developing higher expectations of cybermaturity as a prerequisite for future collaborations. The annual cybersecurity and data privacy training course is but one small step towards creating this capability. As for the course, we continue to improve the content, but there is more to be done on the style, delivery, feedback and tracking of completion.
Before you go, as a relative newcomer to Oxford – what is your favourite place in Oxford?
I have a few.
One place is Tom Quad in Christ Church with its majestic statue of Mercury, the Roman god of email. That just might have something to do with the fact that Mercury is also the cap badge emblem of the Royal Corps of Signals.
But while I’m here, and with word association taking me to the Greek name for the same God (Hermes), please be aware of delivery scams. We’re on the approach to peak online ordering for Christmas, amid international supply chain difficulties. Be cautious about text messages from any delivery company with links which subsequently ask for a bunch of personal or bank details.
Something I enjoy every time I get off the bus to work is a particular view of the Radcliffe Observatory Quarter. There’s a spot which gives a splendid view of the old Observatory towering over the Mathematical Institute with the Triton fountain in the foreground. If the sun is shining the light catches the glass beautifully on the Maths building and shows off the distinctive styles of architecture.
The nearby blue plaque, indicating the spot where penicillin was first used in a clinical context, is a reminder of the continued global impact of the research emanating from Oxford.
Another favourite spot is the imposing Examination Schools. I can only imagine the nerves of every student who has climbed those marble stairs to determine their future. I do not want any futures damaged, or additional stresses imposed, because of a cyber-induced data loss.