21 Apr 2021

How COVID-19 could create a more digitally secure public sector

Guest blog: The pandemic has changed how public sector employees work and communicate, security practices need to change with them, says Rick Goud, CIO, Zivver as part of our #Cyber2021 Week.

COVID-19 has drastically impacted how workplaces and employees operate over the past year and this is no different for the public sector. Whether it’s remote working or reduced office space, many civil servants and government employees have experienced huge changes in how they function in order to remain operational and stay safe.  

However, this new normal has come with new challenges, particularly in regards to cyber security. This was revealed in a recent survey of Public Sector Organisations by Zivver, which found that 43 per cent of IT leaders in local government believed their organisation was ‘less secure as a result of COVID-19’, while 11 per cent of local government respondents were aware of 11-15 data leaks taking place in the past year.  

These figures seem to indicate that changes in working conditions have had an impact on digital security. This could be for multiple reasons, such as public sector workers being more reliant on email and file sharing services to transfer information both internally and externally. Sharing data this way comes with risks, whether that’s files being shared with the wrong recipients by mistake or attaching and sending the wrong file.  

With remote working looking like it will become more commonplace going forward, public sector teams need to ensure that strong protections are in place to secure the information they hold and that employees have a full understanding of how to work safely outside of the office environment.  

Creating a security first culture 

To do this, IT leaders in the public sector need to create an environment where cyber secure working is at the forefront of employees minds. Many employees have a set way of working which they have been using for years and have become accustomed to, all of which has been upheaved because of the pandemic. This means that they may be slow to pick up new processes, such as secure remote working practices, and stick to what they’re comfortable with, leading to mistakes being made and vital information falling into the wrong hands.   

IT departments need to shift employee mindsets, ensure they are constantly aware of when they’re not working safely and act quickly to address this. Tools such as error prevention technology can play a key role in this process as they pick up straight away when an employee is handling and sharing sensitive data insecurely. If staff are repeatedly being informed when they are not working safely, secure ways of working will soon become more ingrained into their working day, ensuring public data is handled in the safest way possible.  

Learn from your breaches  

A data breach is never a good thing; however, this doesn’t mean that they should always be seen as negative occurrences. Rather than looking at outbound communications breaches or leaks as a damning indictment of their organisation, IT departments should see them as learning opportunities. When a data leak happens, this provides an opportunity to identify why it occurred and what needs to be done to improve outbound communications security and working practices. Technology again can support this process. Secure communications software allows IT teams to identify how and why a breach happened, which they can then look to address to ensure it doesn’t happen again.  

Set your goals  

While software obviously has an important role to play in preventing outbound data breaches, not every platform will provide public sector organisations with what they need. It’s important that before implementing a solution, digital leaders within the organisation have a clear understanding of what they want to achieve from putting the software in place.  

This means identifying what they need the solution to do before any decision is made, whether that’s preventing data leaks, reducing costs, digital transformation or supporting remote working. Through having a clear understanding of what the department needs, this will ensure public sector bodies have the best solution available for both employees and the wider organisation.  

COVID-19 has without a doubt altered how the public sector works and operates, and this has brought up challenges that need to be overcome. However, this shouldn’t be seen as bad but rather as an opportunity to improve working practices to ensure departments and staff can easily safeguard citizen’s data and comply with regulatory requirements. Through changing working cultures, learning from mistakes and understanding what they need to achieve, public sector bodies can create a safer, more secure environment through the pandemic and beyond.   

Dan Patefield

Dan Patefield

Programme Head, Cyber and National Security, techUK

Charlie Wyatt

Programme Assistant, techUK

Jill Broom

Programme Manager, Cyber Security & Central Government, techUK

Sam Wyatt

Sam Wyatt

Programme Manager, Defence and Cyber Security, techUK