As many as 90 per cent of the UK's largest city councils cannot guarantee that all sensitive data held on their laptops is encrypted, according to research released today.
Of the 40 IT decision makers working for UK councils which were questioned by network solutions provider Telindus, nearly half said they had responded to recent data leakage incidents by reviewing or rolling out new security technologies to ensure sensitive data held on laptops is protected.
But 43 per cent had no immediate plans to upgrade their data protection. Telindus said that meant they were relying on password authentication and the diligence of staff to follow security policies that state sensitive data must not be transferred to laptops.
Paul Birdman, Telindus defence and public sector specialist, told IT PRO that councils had been concentrating IT investments on those projects that enable the transformational government measures mandated centrally.
"The addition of transformational government and mobile working had been piecemeal, not allowing these councils to look at security holistically," he said.
And, with 92 per cent of respondents saying they enabled their staff to connect to the council network from remote locations, Birdman said these councils were running the risk of human error or malicious sabotage.
He added that, for those councils that had, encrypting data would certainly help protect data from the opportunist thief. "But the key is to stop them getting at that data in the first place, in which case, you need an understanding of layered security approaches that includes an end-to-end view of the network," he said.
The research concluded that councils should boost security at all levels in the enterprise IT infrastructure, and think beyond encryption when reviewing their security measures. Telindus specifically advised councils to consider installing a track and kill' device on all laptops, for example.
Birdman added: "But it's important not overlook the ability to have redundancy and backup if someone does get at sensitive data. The ability to have redundancy and ensure the data is backed up is another part of the story. With other research [saying] it costs councils as much as 57 per line of lost data, they can't afford to ignore the problem."
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Lateral moves in tech: Why leaders should support employee mobilityIn-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
-
Tech leaders worry AI innovation is outpacing governanceNews Business execs have warned the current rate of AI innovation is outpacing governance practices.
-
Top data security trendsWhitepaper Must-have tools for your data security toolkit
-
SEC data breach rules branded “worryingly vague” by industry bodyNews The new rules announced last week leave many questions unanswered, according to security industry experts
-
The gratitude gapWhitepaper 2023 State of Recognition
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolenCapita told the pension provider to “work on the assumption” that data had been stolen
-
Meta sues ‘data scraping for hire’ service that collected info on 600k usersNews Meta says tackling data scraping will require a “collective effort” from platforms and policymakers
-
Building a data governance strategy in 2023In-depth Data governance will continue to expand as attitudes change and businesses look to optimise the value of their data
-
FCC plans strict overhaul of 15-year-old US data breach regulationsNews Telcos could no longer be able to use negligence as a defence for data breaches as the FCC also seeks to hasten public notification of breaches
