Author: Viv Hocking

Keynote at Ahead at BETT 2024

Viv Hocking

Earlier this year, I had the opportunity to interview multi-award winning international speaker Hayley Mulenda at the world’s largest education information technology showcase. Attended by more than 30,000 educators, policymakers and industry change makers – the BETT Showcase featured an array of events and talks for the education sector.

Having previously presented alongside colleagues from the University of Plymouth at the Jisc Change Agents Network in 2022 and in 2023, Jisc recommended our Student Digital Champion scheme to the event organizers in seeking a keynote speaker. I was privileged to be invited to facilitate the morning keynote at Ahead at BETT on Friday 24th January – in conversation with Hayley Mulenda.

Hayley chose to begin speaking out about her experiences after nearly taking her own life at the age of eighteen and has become a powerful advocate for diversity and inclusion across the world, helping leaders to bridge the gap between millennials and Gen Z. Hayley’s work focuses on remembering the power of authenticity and vulnerability in a world that has an overabundance of ‘role models.’

In conversation with Hayley Mulenda

In our keynote session titled “Meeting the needs of a changing workforce: How should Higher Education adapt?” Hayley and I chatted about what had motivated to begin speaking out following her experiences, strategies young people can take advantage of to avoid burnout whilst pursuing success and becoming a “real model” rather than a “role model.”

Hayley reflected upon her higher education experience under the UKs lockdown restrictions imposed in response to the COVID-19 pandemic and how her institution had taken the wrong approach in responding to student wellbeing. Building on Hayley’s experiences and the prevalence of social media in the lives of Gen Z, I asked Hayley how she thought higher education institutions might be able to take advantage of social media to empower students in regards to their wellbeing as they start to think about entering the graduate job market for the first time.

Drawing on Hayley’s wealth of experience in the corporate sector, acting as a board member for restaurant giant Wagamama, Hayley and I also chatted about how organizations might be able to better prepare to welcome Gen Z into their workforce, whilst emphasizing the importance of personal empowerment and individual wellbeing.

Reflecting upon our conversation at BETT, Hayley said:

“Bett Show 2024! We spoke about mental health, graduate recruitment, student experience, Gen-Z and so much more! It was a great discussion with Vivian Hocking on what Higher Education can do to meet the needs of students and young people today!”

– Hayley Mulenda

Why you shouldn’t post your degree certificate online

Viv Hocking

In September 2021, graduates were once again able to celebrate their hard-fought achievement of earning their undergraduate degree certificate with in person graduation ceremonies on the Plymouth Hoe. Following that in December 2021, postgraduate students from Plymouth were also celebrating their successes with in-person ceremonies at the Plymouth Guild Hall.

University of Plymouth graduation ceremony.
Graduation marquees on Plymouth Hoe – University of Plymouth

These events marked the first return to in person ceremonies since Plymouth Gazette reported on the decision to hold digital celebrations in lieu of traditional ceremonies, which was part of response measures to the Coronavirus pandemic. Both forms of graduation are typically however followed by celebratory social media posts.

It’s not unusual to see photos of graduates with their course-mates and their families popping up on social media followed by numerous congratulatory responses. Indeed – why shouldn’t you post photos of your achievement?

Well, if your post includes a copy of your digital award (usually supplied in PDF format) or a selfie with your newest qualification, you might want to think twice about exactly what you do share to social media.

A quick scroll through social media feeds back in September of 2021 showcased the degree certificates of other graduates from across various different cohorts at Plymouth as well as graduates from other Universities. A similar look around social media now and you can easily find postgraduate transcripts with a variety of sensitive personal data on them.

What the experts are saying about posting your degree certificate online

Graduates celebrate obtaining their degree certificate.
Graduates pose with their mortarboards for celebratory photos. – University of Plymouth

JISC, which provides the University of Plymouth with a lot of the backbone for its digital infrastructure, warned back in August of 2020, that sharing images of your important documents online can give fraudsters access to information that enables them to make fake documents.

Prospects, which is run by JISC, further explained that sharing your degree certificate online gives fraudsters “access to logos, crests, signatories, stamps, holograms and wording,” further highlighting that these tend to be unique to each higher education institution and are often changed each year to help combat degree fraud.

The Guardian reported on these same sentiments back in June 2018 where they quoted Jayne Rowley, now executive director of student services at JISC, as suggesting that posting your degree certificate online is comparable to sharing a photo of your passport or driving license on the internet.

Social engineering as a risk posting your degree certificate online.
Image Credit: NortonLifeLock

Social engineering

Aside from your University potentially suffering from degree fraud because of degree certificates or transcripts appearing on social media, the reason you should be concerned is the threat of social engineering.

Social engineering is a broad term that covers a range of manipulation techniques employed by cyber criminals to illicitly gain access to or control over your data. For a keen fraudster looking to gather information about someone or an organization to target, social media provides a fertile ground of intel that can be used as a starting point for a wider campaign of attack.

NortonLifeLock (formerly Symantec Corporation), outline that at the core of social engineering is typically a four step process of building false trust with a victim and then using persuasion to gain further information about you and their target.

Being manipulated

As an example, your university statement of results includes your student ID number, your name and your date of birth. If you post this publicly online, you’re giving public access to your date of birth and student id number, which are key components in how whichever university you are enrolled at knows who you are.

In a scenario where an attacker wants to gather further information about you, they might have already found your transcript on your LinkedIn profile and call you whilst you’re at work. The attacker poses as an administrator at your university wanting to make sure your records are up to date – they tell you what your name is and read you your student id number and then ask you to confirm your date of birth – in an act of building false trust.

The attacker then asks you to provide your address and current telephone number to ensure the university records are up to date – which you provide. The caller thanks you for your assistance, wishes you a good day and the call ends. The conversation goes to the back of your mind along with any other day to day calls that you don’t need to remember.

Cyber-attack

You might be asking yourself why an attacker would want to pretend to be you after you’ve already graduated – but universities do typically keep graduates accounts active for a set period of time after they’ve left the institution. This provides an avenue through which attackers could exploit the information they’ve found on social media and after obtaining further information from their target, to gain control of your university account.

Now that the fraudster has access to the information from your transcript as well as your address and contact number, they can now contact the University and pretend to be you.

Why is this important? Over the last few years, cyber-attacks against universities have been increasing as research data and personal data held by these institutions continually grows in size and value over time. Having access to your account, might help a social engineer to deploy malware or ransomware.

In 2019, the University of Maastricht was taken completely offline after attackers managed to deploy ransomware within their systems. Likewise, Brown University had to take systems offline in April this year following a cyber-attack and the University of Sunderland announced system outages in October this year following an attack.

Why should I care?

Depending on the experience you had whilst at university, you might not particularly care if your institution is attacked after your graduation – but the scenario above can also be applied in reverse. If you become the target rather than your institution, lets assume because an attacker is interested in targeting your graduate employer, the information you’ve shared on social media could be used to find out more about you by impersonating you when contacting your university.

In summary, graduating is for most students a once in a lifetime experience and it’s only natural to want to shout from the rooftops after all the work you’ve put in has finally paid off.

Just don’t celebrate by posting your degree certificate, one of your most important legal documents, on the internet.