There have been a number of very high-profile hacking incidents affecting US and UK universities, with the most recent being widely reported in the media.
From my experience, university computing environments tend to be far more heterogeneous than would be found in a business or corporate setting, and the management of systems more distributed, making security an even greater challenge. This, combined with the very fast Internet links into universities, makes them good targets for hackers or spammers.
There are a number of things we can all do to reduce the likelihood of an incident. I've listed a few below; the list is not exhaustive by any means:
- Regular internal and external penetration testing should be encouraged to ensure the external posture of Internet-facing systems is known and remedial action is taken where required.
- Regular patching of systems and applications to ensure software is maintained at current and supported levels.
- An information security policy which is maintained and widely known throughout an organisation.
- Basic good practice around access and identity management, including firewalls, anti-virus and anti-malware solutions.
There is some very good advice available at https://www.getsafeonline.org which I would encourage everyone involved in the support of IT to read. It's also written in a way that all ICT users can make use of the advice across a wide range of areas.