A recent report by cybersecurity firm Proofpoint has revealed that the vast majority of the UK’s universities, including Oxford, have failed to take recommended precautionary steps to protect students from crime online, and this particularly threatens new students around results day. 

Only one in twenty of the universities surveyed was using the recommended level of DMARC (Domain-based Message Authentication, Reporting and Conformance) protection, with 30% using some form of the tool below the recommended level and the rest using no DMARC protection at all. 

The increased threat posed by hackers has led the government to act in recent years, most notably forming the National Cyber Security Centre in 2016. 

However, Proofpoint’s report suggests that the same could not be said of many universities.

Kevin Epstein, vice-president of threat operations, said: ”By not implementing simple, yet effective email authentication best practices, Universities may be unknowingly exposing themselves and their students to cybercriminals on the hunt for personal data.

“Proofpoint researchers found that the education sector saw the largest year-over-year increase in email fraud attacks of any industry in 2018, soaring 192 percent to 40 attacks per organisation on average.

“Institutions and organisations in all sectors should look to deploy authentication protocols, such as DMARC to shore up their email fraud defences. 

“Cybercriminals are always going to leverage key events to drive targeted attacks using social engineering techniques such as impersonation and universities are no exception to this. 

“Ahead of A-Level results day, student applicants must be vigilant in checking the validity of all emails, especially on a day when guards are down, and attentions are focused on their future.”

A response from the National Cyber Security Centre emphasised how closely it was working with universities and other public bodies. A spokesperson for the Centre said, “NCSC experts work closely with the academic sector to improve their security practices and help protect education establishments from cyber threats”.