CCR Magazine

You are here  :Home arrow News arrow UK Councils Must Get Their Cyber Security ‘Act Together’
Contact Us Newsletter Signup RSS Feeds

Latest News Headlines

Headlines

 
Commercial Credit News

Headlines

 
UK Councils Must Get Their Cyber Security ‘Act Together’ PDF Print E-mail
Tuesday, 27 February 2018
UK councils must get their cyber security ‘act together’ according to Colin Tankard, Managing Director of data security company, Digital Pathways.

Human beings are always the weakest link in the cyber security arena and the only way to stop this is by providing excellent training and awareness programmes, according to Tankard.

He says, “My experience of working with these organisations is that, more often than not, the data owners or managers of departments do not consider who has access to their data and they leave the decisions to the IT Department expecting them to know who can access the data and what they can do with it. Then, when things so wrong, it is the IT staff that get the blame. This is wholly inadequate and short-sited.”

The recent report by Big Brother Watch, which was based on freedom of information requests, highlighted the extent of cyber attacks carried out on 114 councils and appeared to show a staggering 37 attacks taking place every minute between 2013/2017.

“I am not surprised at the numbers” says Tankard, “many organisations fail to manage users and privileges. A frequent failing is not to remove people from groups when they move departments or, worse still, they leave the organisation and are not removed at all from systems. It is a communication issue, but it can be controlled with technology”.

Tankard explains how technology can help, and highlights having better control of Active Directories (AD) by using tools designed to work with AD but which provide a greater level of control and insight into what really is going on. These tools can be useful for department managers, who are able to easily see who is part of their group and who has access to their data. Any unknown person can be flagged to the appropriate department for further investigation. This puts the responsibility back onto the data owner, where it should be.

Another good tool is to monitor user behavior and from this, any unusual actions can be alerted or used to train the user on best practice. In the new GDPR world, coming soon, user education will be a key matrix of compliance.

As with all data, the most important factor is that it should be encrypted at every level, even emails. This would mean that should data be taken, it would still be protected. Many feel encryption ‘slows things down’ or is expensive, but this is far from the truth. When you take into account the cost of fines, bad publicity and low employee moral due to a data breech, encryption becomes a very cost effective measure.

Adds Tankard, “Digital Pathways works with many councils and there is no doubt that they are heavily burdened with regulation. At a time when council spending is closely controlled, the temptation is to put robust data security to one side. However, with public sector bodies increasingly receiving fines and with the imminent introduction of the GDPR with the threat of a 4% of turnover fine, it must be time to consider allocating sufficient funds in order to stop these data breeches.”
 

latest issue

CCR Cover

The latest edition of CCR Magazine, the leading editorial publication in the UK credit industry, is out.

Read the latest issue online

subscriptions

CCR is the premier magazine for consumer and credit professionals. It provides an independent voice to the industry, breaking major news stories and running in-depth features.

As a magazine, it works with and campaigns on behalf of the credit industry to promote its importance as a centre of potential profit and business development to the wider business world.

Subscribe to CCR Magazine

CCR World Magazine


 

Providing information and analysis for thousands of senior credit professionals worldwide, every quarter.

Find out more

GTS Media Ltd
81 Cambridge Road
Southend-on-Sea
Essex
SS1 1EP

Registered in England No: 05483197