Leadership approaches to managing cybersecurity 

At the 2024 Association of Colleges (AoC) conference, Jisc hosted a series of live podcasts on its exhibition stand, focusing on some of the key digital priorities keeping FE leaders awake at night. 

Anthony Bravo OBE, CEO and principal at Basingstoke College of Technology joins Jiscs chief technology officer Henry Hughes and senior public affairs officer Frankie Walker to explore the current cyber security challenges in further education, discussing effective strategies for staff training, and the importance of collaboration between institutions. 

Cybersecurity goes beyond technology 

In the rapidly evolving landscape of cybersecurity, further education institutions face unique challenges when it comes to protecting their networks, data, and systems. Effective leadership is critical in managing these challenges and fostering a cybersecurity culture that prioritises people, processes, and technology. 

Anthony Bravo points out that the greatest cybersecurity risk isn’t the technology itself—it’s the people using it. Phishing attacks are a constant threat, and Bravo emphasises the importance of making staff feel comfortable reporting suspicious emails. He leads by example, often sending out fake emails for verification. His goal is simple: if staff aren’t afraid to ask, “Is this real?” they are less likely to fall for threats. Building this open environment is crucial for preventing security breaches. 

Practice makes perfect 

Henry Hughes underscores the importance of preparation. Regular drills and rehearsals are key to ensuring that organizations can recover quickly from a cybersecurity incident. He notes that organizations with clear processes and a strong practice culture are typically able to recover in the shortest time. Bravo agrees, explaining that mock phishing tests for his team help ensure they know exactly how to respond to threats, reducing confusion when a real attack happens. 

Creating a cybersecurity culture 

Both Bravo and Hughes stress that leadership must actively foster a culture where cybersecurity is a priority. This culture must be communicated from the top down. If senior leaders don’t take cybersecurity seriously, the rest of the organization won’t either. When leaders are engaged and make cybersecurity a focus, it sets the tone for everyone else. 

Ownership at the Top 

For cybersecurity to be truly effective, senior leadership, including college principals or CEOs, must take full ownership of the issue. Bravo likens it to safeguarding: cybersecurity is just as important as physical safety in an institution. Leaders must set the example and make cybersecurity a constant agenda item. 

Continuous Training and Monitoring 

Bravo highlights the importance of regular cybersecurity training, especially for non-technical staff, and the need to hire technically competent staff. Hughes adds that cybersecurity threats are getting more sophisticated, with personalised attacks targeting senior staff. Ensuring continuous system monitoring and regular reviews of security processes helps institutions stay ahead of potential threats. 

By making cybersecurity a priority at all levels, from leadership to everyday staff, further education institutions can better protect themselves from the growing risk of cyber threats.