Government Technology

71 Percent of U.K. Worried About Data Security and Mobile Access



February 7, 2008 By

A survey conducted by IT security and control firm Sophos has revealed that 71 percent of U.K. people believe their local authorities should prevent staff from accessing confidential data about citizens via laptops, blackberries or other mobile devices when they are working away from the office, to ensure that the information does not fall into the hands of an opportunistic thief or hacker.

The results come in light of a number of local authority blunders involving the loss of confidential data. In 2007, Newcastle City Council admitted to losing the payment card details of 54,000 local residents -- information which was held on an unsecured server, and accessed by a computer outside of the UK. A number of government bodies, including the Ministry of Defence and the HMRC, have also disclosed data breaches - stolen laptops or misplaced CDs -- and the public is now voicing its concerns.

Given the need for more flexible working environments, organizations must properly secure portable devices just as they would the internal network. Hard drives containing work-related information need to be fully encrypted, and non-work related applications such as VoIP and IM, which could be exploited by hackers, should be blocked.

While a Whitehall-wide ban was imposed earlier this week to halt the movement of unencrypted data to and from central government departments, no such regulations have been introduced at local government level.

"It's clear from our research that the British public has little faith in their local authorities' ability to secure confidential information," said Carole Theriault, senior security consultant at Sophos. "If organizations need to give employees access to work files, a tight security strategy must become a crucial part of the public sector's IT infrastructure. Government bodies need to better educate their staff on safe computing practices, and subsequently reinforce this message to its constituents."

A network access control solution can enforce the correct level of access to data held on the network, dependent on business role. Visitors or contractors are kept behind an invisible boundary, and any user without the required level of security on their machine can be blocked from the network, safeguarding the public's personal information.

"Just as physical security is managed by assigning appropriate levels of security clearance before someone is admitted into a building, the same principle needs to be applied to the network," said Theriault. "As wireless internet access becomes the norm in many working environments, organizations need to consider locking down user access - the public perception is that constituents' data is open to anyone to delve into and steal. Implementing security measures is no longer enough, the Government needs to reassure the public that their data is safe."

The survey also revealed that 78 percent of people are concerned that visitors to local authority buildings, whether they be members of the public or contractors, are able to use wireless networks and gain unauthorized access to confidential data, stored on the network.


| More

Comments

Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies
Redefining Citizen Engagement in a Mobile-First World
Today’s consumers are embracing the ease and convenience of anytime, anywhere access to the Internet from their mobile devices. In order for government and public sector organizations to fully engage with their citizens and provide similar service quality as their consumer counterparts, the time is now to shift to mobile citizen engagement. Learn more
McAfee Enterprise Security Manager and Threat Intelligence Exchange
As a part of the Intel® Security product offering, McAfee® Enterprise Security Manager and McAfee Threat Intelligence Exchange work together to provide organizations with exactly what they need to fight advanced threats. You get the situational awareness, actionable intelligence, and instantaneous speed to immediately identify, respond to, and proactively neutralize threats in just milliseconds.
Better security. Better government.
Powering security at all levels of government with simpler, more connected IT.
View All

Featured Papers