Protecting personal data in the public sector
The public sector is reliant on and driven by data. Whether in the education, healthcare, utilities or housing sectors, data is an integral part of public services and one of the keys to their success.
Over 2.5 quintillion bytes of data were created every single day in 2018, according to the sixth DOMO report, and in 2020 it’s estimated that 1.7MB of data will be created every second for every person on earth. This increase in the volume and complexity of data has also meant an increase in risk. Data loss through theft, misuse, malicious attacks or mismanagement can threaten privacy and security and cause serious disruption to essential services.
Even before the COVID-19 pandemic, high-profile data breaches had been thrust into the spotlight. The WannaCry attack in 2017 highlighted the vulnerability of NHS data management systems, many of which were based on outdated legacy IT platforms.
Public sector bodies handle some of our most sensitive and personal data, and the general public have a right to know that it is being looked after. Furthermore, with human error being one of the leading causes of data breaches in the public sector, workers must have the training, knowledge and ability to handle data securely.
During lockdown and its subsequent easing, millions of employees were, and still are, working remotely. Security and IT teams are still facing a new, heightened demand for services and, amid escalating psychological stress, cybercriminals have actively exploited this crisis with a significant uptick in ransomware attacks targeting high-profile accounts.
Public services are particularly vulnerable due to the greater demand on their sought-after services. With online services feeling the strain, and given the interconnected nature of supply chains, even one very small public sector supplier could be the weakest link in the chain.
The public sector and its employees are now exposing themselves to significantly increased cyber-risk, such as the use of personal devices on unsupported systems and public WiFi networks, each with a significantly lower level of security protection than corporate infrastructure. With cybercriminals deploying ever more sophisticated phishing scams, legal and reputational risks for public services are heightened when computers are not appropriately secured and monitored.
Best practice data management for the Public Sector
The public sector needs to look at establishing a best practice policy among staff for the management of data that may be shared with other people and organisations. Secondly, because of the growth of shadow IT, remote working applications downloaded by employees and used on both personal and work devices can create opportunities for hackers to bypass security systems and access sensitive data.
Shadow IT has inarguably come to prominence during the shift to remote working and data management in the cloud. If shadow IT can’t be eliminated, the next best thing is to lessen the risks it poses by making sure that public sector employees understand the correct procedures for protecting the data they handle. With the transition to cloud-based data management, the most significant improvements are to be gained by embedding best practice and increasing knowledge across the public sector.
The migration of services and data to the cloud has become a major mainstream operational activity in the last few months, and the public sector has shown a commitment to this process. Ultimately, public sector organisations that deploy continuous training methods will experience significant reductions in susceptibility to phishing attacks and malware infections. As data and applications move to the cloud and remote working becomes the new norm, it is crucial that the public sector, in conjunction with its technology leadership teams, is aware of its regulatory requirements and identifies the appropriate training and technical processes.