Digitalisation has revolutionised bureaucratic processes as a whole. Like other sectors, public bodies across the world have adopted web-based software and support to increase the efficiency of their operations.
However, despite the many benefits it delivers, this transition also makes the public sector an attractive target for cyber criminals. “The amount of third-party data handled on public sector servers, much of it highly sensitive, means the likelihood of it suffering a cyber attack is higher than for other sectors,” says Dominic Richardson, CEO of Dolos.
According to a recent report, there was a 40% spike in attacks directed against public bodies in the second quarter of 2023. Moreover, some of the most high-profile cyber incidents impacting the sector occurred last year. For instance, the attack on the public hospital Clinic de Barcelona in March 2023, where large amounts of sensitive information were stolen, and 150 non-urgent surgeries, 3 000 outpatient visits and between 400 and 500 blood tests had to be de-scheduled.
Considering this spike in threats and paying special attention to the damage that can be caused, not only to the reputation of the public sector bodies but to the general population, it is important for these organisations to invest in a cyber security system that protects the privacy of citizens' data.
How to protect public sector bodies from a cyber attack
Public services aim to facilitate the day-to-day life of the communities where they operate. Safeguarding the privacy and security of citizens' data is also an important consideration in achieving this goal. Here are some basic measures that public bodies should apply to strengthen their cyber security:
- Install a firewall: A firewall makes it possible to filter connections entering the network, preventing malicious actors from entering it. It is a fundamental tool for protecting an organisation against potential cyber attacks and, therefore, mandatory for all public bodies.
- Keep software up to date: An outdated system can create security breaches, making it the ideal target for cyber criminals. Ensuring cyber security systems are up to date is a priority. It is also key to monitor regularly any vulnerabilities that may arise to achieve more effective data shielding. The best option for those organisations that lack the resources to employ an internal team is to entrust the task of security patch management to external experts.
- Make backup copies: Backing up systems and data regularly is one of the basic steps towards combating data theft. Storing copies in a separate network or offline prevents backups being destroyed by encrypted malware.
- Prevent malicious connections: While DNS services are essential for accessing online sites, they are also vulnerable to threats. Incorporating a solution that can detect and block potentially dangerous connections can prove a good ally to protect an organisation's networks and user data. WatchGuard’s DSNWatch provides detection, blocking and monitoring of insecure connections through a cloud-based system that makes it simpler and less costly to administer.
- Limit access to sensitive information: Public service bodies make data protection and control over who accesses it a priority to ensure user privacy. Limiting access to files containing sensitive information reduces the chances of data theft caused by negligence or unauthorised access by external agents. Our experts therefore recommend a zero trust approach that restricts access and only allows users to access information that is strictly necessary to their task.
Considering the damage that a cyber attack can cause not only to the organisation itself, but to society in general, the public sector must deploy an up-to-date and sophisticated cyber security system to safeguard citizen data. By applying simple but effective cyber security protocols, public bodies can better serve their communities while protecting sensitive data.
Learn more by reaching out to the experienced team at Dolos. They will assist you in setting up a complimentary assessment, tailored to your organisation’s unique requirements.
Share