The public sector needs to re-evaluate its data security systems if they want to avoid costly data breaches.
A new guide, securing the public sector, from Network Box discusses the issues facing public sector security and lists key recommendations on how these issues should be addressed.
Simon Heron, internet security analyst at Network Box, said: “We've seen several high profile public sector security breaches in recent years, most of which have been preventable. Naturally, human error can never be completely eradicated, but guidelines and procedures can be established to minimise the risk that this represents to data security. We're also seeing the public sector move from a closed environment, to a more online one, which has increased the risk of cyber crime.”
The guide gives ten key recommendations for best practice in public sector security:
1. Ensure that systems are updated and patched. Have some way of monitoring this critical function to ensure it takes place.
2. Remember security is about more than just email. Firewall, intrusion detection and prevention, access policies and VPNs are all critical elements of security.
3. Review what applications and systems are used across the organisation as part of ISO9001 or about once per quarter.
4. Ensure that all data is routed through the appropriate channels and that nothing bypasses security systems (this is one of the most common causes of vulnerabilities).
5. Educate employees – keep them informed about their role in keeping data secure and limit access rights.
6. Use a secure VPN for home workers, so data does not have to leave secure servers.
7. Do not allow employees to download anything that is not approved by the security team, such as peer-to-peer software.
8. Encrypt all data and use secure passwords on mobile devices and laptops.
9. Check all outgoing as well as incoming data for possible data leaks.
10. Consider the total cost of ownership of running security systems. A specialist managed service can reduce costs by between 20 and 40 per cent.
Network Box said that human error is considered to be the most likely cause of security breaches, and these could often be avoided if security and administration policies were put in place and followed.
The guide addresses the issues facing the sector, including: data privacy (and the value of stealing data to criminals), budget pressures, increased home working and increased use of web-based applications.