Protecting personal data in the public sector
The public sector is reliant on and driven by data. Whether in the education, healthcare, utilities or housing sectors, data is an integral part of public services and one of the keys to their success.
Over 2.5 quintillion bytes of data were created every single day in 2018, according to the sixth DOMO report. In 2020, it is estimated that 1.7MB of data will be created every second for every person on earth. This increase in the volume and complexity of data has also meant an increase in risk. Data loss, through theft, misuse, malicious attacks or mismanagement, can threaten privacy and security and cause serious disruption to essential services.
Even before the COVID-19 pandemic, high-profile data breaches had been thrust into the spotlight. The WannaCry attack in 2017 highlighted the vulnerability of NHS data management systems, many of which were based on outdated legacy IT platforms.
Public sector bodies handle some of our most sensitive and personal data, and the general public has a right to know that it is being looked after. Furthermore, with human error being one of the leading causes of data breaches in the public sector, workers must have the training, knowledge and ability to handle data securely.
During the lockdown and its subsequent easing, millions of employees were, and still are, working remotely. Security and IT teams still face a new, heightened demand for services. As psychological stress has escalated, cybercriminals have actively exploited this crisis, with a significant uptick in ransomware attacks targeting high-profile accounts.
Public services are particularly vulnerable due to the greater demand for their sought-after services. With online services feeling the strain and given the interconnected nature of supply chains, even one very small public sector supplier could be the weakest link in the chain.
The public sector and its employees are now exposing themselves to significantly increased cyber risk, for example through the use of personal devices on unsupported systems and public WiFi networks, each with a significantly lower level of security protection in comparison to corporate infrastructure. With cybercriminals deploying ever more sophisticated phishing scams, this heightens legal and reputational risks for public services when computers are not appropriately secured and monitored.
Best practice data management for the Public Sector
The public sector needs to establish a best practice policy among staff to manage data that may be shared with other people and organisations. In addition, because of the growth of shadow IT, remote working applications downloaded by employees and used on both personal and work devices can create opportunities for hackers to bypass security systems and access sensitive data.
Shadow IT has inarguably become prominent during the shift to remote working and data management in the cloud. If shadow IT can’t be eliminated, the next best thing is to lessen the risks it poses by ensuring that public sector employees understand the correct procedures for protecting the data they handle. With the transition to cloud-based data management, the most significant improvements are to be gained by embedding best practices and increasing knowledge across the public sector.
The migration of services and data to the cloud has become a major mainstream operational activity in the last few months. The public sector has shown a commitment to this process. Ultimately, public sector organisations that deploy continuous training methods will experience significant reductions in susceptibility to phishing attacks and malware infections. It is crucial that as data and applications move to the cloud and remote working becomes the new norm, the public sector, in conjunction with its technology leadership teams, is aware of its regulatory requirements and identifies the appropriate training and technical processes.