Workers the weak link in public IT security

gallery

Employees are the weakest link when it comes to data security in the public sector, according to research from IT vendor SafeBoot.

The results of the survey will be no surprise to HM Revenue and Customs (HMRC), which had a massive data breach after two discs containing records of 25 million people were lost.

According to the survey of 1,000 employees across multiple sectors, 88 per cent of government organisations have a security policy in place, with two-thirds banning external memory devices to try to prevent security breaches.

Public sector bodies are more likely than those in the private sector to communicate such policies, with half using proactive methods like focus groups, compared to 19 per cent using such methods in the private sector.

But despite this, four out of five people are still ignoring such security policies. Nearly nine out of 10 open unknown emails, three-quarters connect banned external devices to the network, seven out of ten download unsafe web content and close to six people in ten use unencrypted mobile devices - even though all of the above are against many security policies.

Tom de Jongh, product manager at SafeBoot, said: "The public sector receives a bad press for its IT security with numerous high profile data leakage cases, such as HMRC."

Indeed, according to initial reports, HMRC had security policies in place, which were ignored when the records were burned to disc in order to be mailed.

The survey showed that the number one reason employees ignore security policies is ignorance. "This is clearly not the IT department's fault - they are faring well compared to other sectors, but their employees are letting the side down," de Jongh added. "Despite good communication methods, the severity of security and data leakage is not getting through and IT managers are feeling the strain. More education needs to be done."

In the wake of the HMRC data breach, security experts from around the UK said technology should be used, not just policies, to ensure data is safe.

The majority of IT managers in SafeBoot's survey agreed, advising against moving data without encrypting it. "Employees need to show a little more respect and common sense, and businesses need to mitigate the risk by deploying proactive security measures such as data encryption," said de Jongh. This would give workers no choice but to be secure."

The survey also found that public bodies spend less than 10 per cent of their IT budget on security.

Email to a friend

Print this page