Top Tips For Effective Public Sector IT Security

Home Secretary Theresa May recently announced that attacks on computer networks are among the biggest threats to the UK, ahead of the publication of a new National Security Strategy.

Cyber crime is a “new and growing” danger, May told the BBC. While last week, Iain Lobban, the head of the UK’s communications intelligence agency GCHQ, spoke of hundreds of malicious e-mails already being aimed at government computer networks each month.

With the long-awaited government’s top line spending review (to be announced on Wednesday), likely to result in severe cuts to public sector budgets; there is concern that these cuts could hit IT spending, leaving public sector bodies facing a serious challenge to provide top-line security against growing IT threats.

I welcome that the administration takes the threat of cyber crime so seriously. It is a serious, and growing problem, that deserves our attention. It’s unfortunate that the necessary spending cuts to remove our deficit are likely to be severe.

Every area of public sector operations is likely to be impacted – and IT security is no different. The sensitive data public sector bodies hold makes them a high-level target for cyber criminals and hackers; and they are all too aware of the crucial need for effective security.

Now public sector bodies will have to adapt to provide the high level of IT security required under extremely constrictive budgets. But the good news is that public sector bodies can install security technology and protocols that allow the delivery of best-of-breed protection against modern threats – but at the lowest total cost of ownership.

Here are my top tips for effective public sector IT security:

  • Regularly updated, and adhered to, general IT security protocols
  • Extensive guidance on the safe use of social media
  • Provision of guidelines on strong passwords
  • Establishing a wireless access security policy
  • Establishing an IT Equipment and data security policy
  • Regular security and network attack assessments
  • Removal of costly and disparate point security systems
  • Deploying a cost-effective unified security architecture

Carl Leonard holds the position of Security Research Manager, EMEA at Websense. Carl is responsible for the effectiveness of the EMEA Security Research Team and collaboration with the global Websense Security Labs teams. Research and project work is oriented around the advancement of the ThreatSeeker network and daily incident handling duties. Carl is an active spokesperson discussing and advising on security-related matters with national and international security publications, and a regular contributor to externally-facing blogs and alerts. Carl has over 5 years experience in the threat research arena.