With insights from employees, IT decision makers, and data security leaders in local and central government, our latest research investigates the digital transformation challenges facing public sector organisations today.
Sponsored by Oscar Krane
Nearly 80% of local and central government employees rely on email to get the job done. The reason for this is simple: email is universal. Unlike alternative communications platforms, email does not require time-consuming training, and it is not disruptive or difficult to implement from an IT perspective. Residents do not need to create accounts, download applications or jump through hoops to access or request information.
However, IT leaders are all too familiar with the security flaws here. In fact, according to our latest research, 45% of security leaders are concerned about data loss through employee email errors.
According to the ICO, in 2022* local and central government bodies reported the third highest number of data incidents, behind only the healthcare and education sectors.
The reputational damage of a data leak for a public sector organisation is incalculable, comparable only to the devastating financial impact. Of the reported incidents in 2022, nearly 90% were non-cyber-related incidents, i.e. not malicious attacks.
To put this in perspective, over 400 incidents were due to human error, including information accidentally emailed, faxed or posted to the wrong person, failure to redact, and misuse of Bcc. These four incident types accounted for more than half of all incidents reported to the ICO in local/central government. In comparison, only 10 incidents were the result of malware and ransomware.
Because email is decentralised, security protocols are not widespread across it. The beauty of email lies in its ability to get a message from point A to point B as quickly and efficiently as possible, regardless of the sending and receiving client. This means data is often unencrypted and left open to interception during transit or when at rest.
In addition to missing encryption functionality, email lacks a host of security and productivity features needed to work efficiently and compliantly, including data loss prevention tools, file transfer capabilities, email recall functionality, expiration controls, multi-factor authentication - the list goes on.
For example, a neighbourhood officer dealing with instances of antisocial behaviour needs to be able to engage with police, social services, and residents, sharing special category information regarding the individuals involved - data that must be protected. Traditional email falls short in this instance. If an email is accidentally sent to the wrong person, or the recipient forwards a file containing personally identifiable information of the individuals involved (for example, using Cc instead of Bcc), a data incident occurs. There is also no way for information protection officers to track the scale of the incident once an employee presses ‘send’.
While email does bridge the gap for siloed teams, it must be enhanced to ensure communications are protected before, during, and after sending. This presents some serious challenges for IT leaders looking to empower employees to work efficiently and securely.
While compulsory training, cyber attack simulations, and security policies go some way in preventing security leaks, they can also create a fear culture and hinder productivity. In fact, in a study of over 6000 employees, just 67% had received some kind of data security training in the last two years. Of these, only 36% stated they had applied their learnings in their core role.
That is not to say that training does not have a place in the public sector. Educating employees in digital security best practice is very important. However, people require more than compulsory training to harness and develop digital skills that have a truly positive impact in their day-to-day work.
It stands to reason that, wherever possible, the best course of action is to simplify digital initiatives. Ultimately, employees must be empowered by technology to deliver quality services for residents, without putting data at risk.
"It is crucial that the public sector takes a proactive approach to data protection and privacy. This means implementing strong technical and organisational measures, (...) the technology we use is fit for purpose and configured correctly, and that we train staff on data protection and privacy best practices."
"There are common mistakes being made in organisations where the method of digital commerce is shaping service provision and the actual IT solution is seen as the ‘end’ and not a ‘means to an end’. Firstly, the purpose/service requirement should decide the IT solution and not the other way around."
How to leverage smart technology designed to integrate with M365 to empower employees to communicate securely, compliantly and confidently.
Read the latest insights, trends and expert views on digital transformation and data protection in the public sector.