In these times of greater information sharing and availability, public sector organisations need to ensure that any such sharing is appropriate and secure. Information is vital to the continuation of any business, and this is just as important to our public services as to any major corporation.
However, the public sector has a duty to ensure that all citizen data remains correctly protected at all times. With data loss incidents on the rise, it is important for the areas of security and governance to be correctly managed. In 2015 alone, the public sector reported 47,237 security incidents according to Verizon’s 2016 DBIR report. This figure included a number of countries as well as the UK, but clearly shows the levels of threats out there.
PwC’s 2015 Information Security Breaches Survey, which is limited to UK-based sites, showed that 90% of large organisations suffered a security breach in the year (74% of small businesses also suffered a breach).
There is no getting around it: attacks and breaches are on the rise, and this pattern is well defined. So what can public sector organisations do to prevent this? As one operations manager once said to me, “lock them all out, if they cannot get to the data it cannot be abused!” This is patently absurd, but is something we sometimes see, in that organisations become unwilling to share data in case of breaches.
Remember, information security is built on the idea of TRUST, the main principles of which are CONFIDENTIALITY, INTEGRITY and AVAILABILITY.
The main thing here is not to panic. As a very famous book stated, “Don’t Panic!” But seriously, planning and ensuring strong plans, procedures, policies and systems are in place to prevent this will help. No system is foolproof, however, and it is for these reasons that you need to have these strong policies, processes and procedures.
The Information Commissioner’s Office (ICO) is the UK body tasked with ensuring that our data as citizens remains safe and secure. Understanding the requirements of the ICO in relation to data management and control will help organisations correctly plan the resources required to ensure data and information security.
Public sector organisations need to ensure that these plans and associated policies and processes are in place. Ensuring that you have the correct HR policies in place helps to lead to a workforce which is information security aware – on its own, probably the single greatest asset to any organisation which works with citizen data. Once employees understand their personal responsibilities and the methods of, and reasons for, reporting security breaches and near misses, all areas of the organisation can be “tightened up”.
Good ICT foundations with ratified solutions and products allow for data areas to be correctly segmented and secured according to the information they hold. Data can be traced from where it enters any organisation through all people and systems that accessed it. In the case of a breach this can reduce the impact of any loss and assist in the quicker implementation of remedies.
Remember, information security is not just about electronic information – paper records are fully covered. I have seen many occasions during my career where paper patient notes were “lost”, “destroyed”, or “damaged” and all these could potentially cause some harm to the end patient.
It is of vital importance to realise, at the highest levels, that information security is not simply a case of implementing solutions once, and not just electronic solutions, but is a constantly iterative process to stay ahead of the hackers and opportunists.
As we move through 2017, it is known that the number of attacks will only increase. To counter this, all public sector organisations need to ensure that they have board-ratified strategies for information security and governance and that they have staff who are informed and able to ensure that this does not become an issue.
The basics of information security need to be good planning, good solution implementation, good housekeeping and good training. Following these four areas will enable us to provide services to the public in a safe and secure manner.
The Hitchhiker’s Guide to the Galaxy by Douglas Adams.