The public is concerned that confidential data held by local
authorities could fall into the wrong hands.
A survey* conducted by IT security and control firm Sophos has
revealed that 71 percent of people believe their local authorities
should prevent staff from accessing confidential data about
citizens via laptops, BlackBerrys, or other mobile devices when
they are working away from the office, to ensure that the
information does not fall into the hands of an opportunistic thief
or hacker.
The results come in light of a number of local authority
blunders involving the loss of confidential data. In 2007,
Newcastle City Council admitted to losing the payment
card details of 54,000 local residents - information which was
held on an unsecured server, and accessed by a computer outside of
the UK. A number of government bodies, including the Ministry of
Defence and HMRC,
have also disclosed data breaches - stolen laptops or misplaced CDs
- and the public is now voicing its concerns.
Given the need for more flexible working environments,
organizations must properly secure portable devices just as they
would the internal network. Hard drives containing work-related
information need to be fully encrypted, and non-work related
applications such as VoIP and IM, which could be exploited by
hackers, should be blocked.
While a Whitehall-wide ban was imposed earlier
this week to halt the movement of unencrypted data to and from
central government departments, no such regulations have been
introduced at local government level.
"It's clear from our research that the British public has little
faith in their local authorities' ability to secure confidential
information," said Carole Theriault, senior
security consultant at Sophos. "If organizations need to give
employees access to work files, a tight security strategy must
become a crucial part of the public sector's IT infrastructure.
Government bodies need to better educate their staff on safe
computing practices, and subsequently reinforce this message to its
constituents."
A network access
control solution can enforce the correct level of access to
data held on the network, dependent on business role. Visitors or
contractors are kept behind an invisible boundary, and any user
without the required level of security on their machine can be
blocked from the network, safeguarding the public's personal
information.
"Just as physical security is managed by assigning appropriate
levels of security clearance before someone is admitted into a
building, the same principle needs to be applied to the network,"
said Theriault. "As wireless internet access becomes the norm in
many working environments, organisations need to consider locking
down user access - the public perception is that constituents' data
is open to anyone to delve into and steal. Implementing security
measures is no longer enough, the Government needs to reassure the
public that their data is safe."
The survey also revealed that 78 percent of people are concerned
that visitors to local authority buildings, whether they be members
of the public or contractors, are able to use wireless networks and
gain unauthorised access to confidential data stored on the
network.
Sophos recommends that all organisations protect themselves with
a consolidated solution which can control network access
and defend against the threats of spam, hackers, spyware and
viruses.
* Sophos survey hosted on SurveyMonkey.com, 241
respondents, October 2007
Disclaimer: Please bear in mind that this poll is not
scientific and is provided for information purposes only. Sophos
makes no guarantees about the accuracy of the results other than
that they reflect the choices of the users who participated.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.