Protecting public sector data from the inside out
Public sector organisations hold some of the population’s most confidential and sensitive information. Whether it is income details or health records, the protection of this information is vital to keeping citizens safe.
It’s easy to feel confident that data is in safe hands when it is held by government bodies. However, just because this information is being protected by the state doesn’t automatically mean it is immune from threats. Public sector organisations have had well-publicised encounters with data breaches. Just last year, a London sexual health clinic unintentionally leaked the details of nearly 800 patients who had visited the centre, which really brought the issue to the fore.
The onus needs to be on public sector organisations to ensure that they have all the capabilities and information needed to keep people’s data secure. What must be remembered is that protecting sensitive data is about much more than installing antivirus software and firewalls. Data breaches can come from a range of different places, and these bodies need to make sure they are prepared for any eventuality.
To illustrate, Clearswift’s Insider Threat Index revealed that nearly 75 per cent of security breaches come from within a business’s own network. The majority of these are not malicious but inadvertent: mistakes which could have been avoided. However, from a legal standpoint the information has fallen into unauthorised hands, so it is still just as much a breach as if it had been maliciously targeted. This adds context to the health clinic data leak discussed above and highlights that, while external attacks need to be defended against, data also needs to be protected from within an organisation.
Many businesses, public sector or otherwise, are still struggling to accept that one of the biggest security risks could come from the people they employ. High-profile attacks are helping to shed light on these occurrences, but organisations need to be prepared for both accidental and malicious data loss and ensure that proactive and adaptive prevention methods are put in place to stop them at the root, before they cause problems.
This takes more than simply deploying software solutions to prevent insider breaches. It is also vital that staff are advised, through education and awareness programmes, how to keep data secure within an organisation. For instance, if someone based in a local council does not know how to securely pass information between departments and third-party organisations that require it, all it takes is one accidental slip-up for this data to fall into the wrong hands, leaving sensitive citizen information held by someone who may have ill intentions.
All organisations need to make sure that sufficient measures are in place to keep critical information safe and out of reach of those with nefarious intentions, and public sector bodies, with citizen data, are no exception to the rule. Solutions are available to negate this activity, but it takes more than just the right security applications to ensure complete security. The policy needs to be applied from the top to the bottom of the organisation, from the CIO to general staff. All need to understand the threats that are out there and what they can do to keep critical information secure. Policies need to be developed to protect the information; finally, technology is used to enforce the policies and to keep employees safe, along with the citizen data, which is what really matters.