71% of public worried about remote workers losing constituents’ personal data
February 2008 by Sophos
A survey* conducted by IT security and control firm Sophos has revealed that 71 percent of people believe their local authorities should prevent staff from accessing confidential data about citizens via laptops, BlackBerrys, or other mobile devices when they are working away from the office, to ensure that the information does not fall into the hands of an opportunistic thief or hacker.
The results come in light of a number of local authority blunders involving the loss of confidential data. In 2007, Newcastle City Council admitted to losing the payment card details of 54,000 local residents - information which was held on an unsecured server, and accessed by a computer outside of the UK. A number of government bodies, including the Ministry of Defence and HMRC, have also disclosed data breaches - stolen laptops or misplaced CDs - and the public is now voicing its concerns.
Given the need for more flexible working environments, organisations must properly secure portable devices just as they would the internal network. Hard drives containing work-related information need to be fully encrypted, and non-work-related applications such as VoIP and IM, which could be exploited by hackers, should be blocked.
While a Whitehall-wide ban was imposed earlier this week to halt the movement of unencrypted data to and from central government departments, no such regulations have been introduced at local government level.
"It’s clear from our research that the British public has little faith in their local authorities’ ability to secure confidential information," said Carole Theriault, senior security consultant at Sophos. "If organisations need to give employees access to work files, a tight security strategy must become a crucial part of the public sector’s IT infrastructure. Government bodies need to better educate their staff on safe computing practices, and subsequently reinforce this message to its constituents."
A network access control solution can enforce the correct level of access to data held on the network, dependent on business role. Visitors or contractors are kept behind an invisible boundary, and any user without the required level of security on their machine can be blocked from the network, safeguarding the public’s personal information.
"Just as physical security is managed by assigning appropriate levels of security clearance before someone is admitted into a building, the same principle needs to be applied to the network," said Theriault. "As wireless internet access becomes the norm in many working environments, organisations need to consider locking down user access - the public perception is that constituents’ data is open to anyone to delve into and steal. Implementing security measures is no longer enough, the Government needs to reassure the public that their data is safe."
The survey also revealed that 78 percent of people are concerned that visitors to local authority buildings, whether they be members of the public or contractors, are able to use wireless networks and gain unauthorised access to confidential data stored on the network.
Sophos recommends that all organisations protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.
*Sophos survey hosted on SurveyMonkey.com, 241 respondents, October 2007