In the public sector, as austerity measures weigh increasingly heavily on an organisation’s ability to know the extent and reach of their employees’ digital footprint, the chances of sensitive data leaking are significantly increased. Last week’s blog reported on an article in the local government media that suggests this is the biggest threat facing the public sector. Yes, it is a real threat, but to suggest it’s the biggest threat is, perhaps, putting it a bit strongly - especially as I’m writing this on the day that the press reported that cyber attacks are costing British business £34BN per year.
Pat Brady, an expert on internet security, believes that while all threats are valid, the danger comes from concentrating on whatever is the latest exciting one rather than getting the basics right.
Human beings can only apply their minds to a few things at any one time and we have a tendency to focus on the new and shiny rather than the old and practical. Currently, there is a lot of attention on employees working at home and/or while travelling, using their own mobile devices ‘on the go’ to improve productivity. This creates potential (and real) problems with data security. To make matters worse, Pat says that the law in this area does not help organisations, whether public or private, because although an employer can demand and seize a mobile device if it is owned by the firm or organisation, they can’t do this if it belongs to the individual. It’s a complex legal area but at the moment the dice are loaded against the employer if an employee simply leaves with lots of the organisation’s data on his/her mobile. If they leave under a cloud, the potential risks are much greater. Information security is struggling to keep up here and it’s an issue that needs resolved.
However, this focus on the individual’s digital footprint detracts from the need to get the basics right. As Pat told me, “if you don’t maintain your firewall and other essential, old-fashioned security practices, you’re inviting trouble. If your vendors send you patches to update your server and you don’t apply them you’re increasing your vulnerability to the hackers who, as the UK government’s Head of Cyber Security explained at a conference I was at last year, increasingly work as large-scale corporations, with sales targets and incentives”.
So, the message is simple. Don’t let the basics get lost in amongst the welter of new security issues that are constantly being raised and debated. And if you are encouraging remote working then make sure the mobile and other devices being used belong to the company, not the employees. These issues are not going away; it’s in everyone’s interests that we tackle them as effectively and as ruthlessly as the hackers do or at the end of the day we all lose, and that £34BN annual loss to UK business will simply grow and grow.
Gareth Biggerstaff, MD, Be-IT Resourcing