Stemming privacy breaches - human flaws rather than technology at fault
Chair in Digital Government Professor Miriam Lips says that we are the weakest link when it comes to information security, rather than technology.
It’s ourselves, and not technology, that is the weakest link when it comes to information security, says Victoria’s Chair in Digital Government Professor Miriam Lips, commenting on the spate of security breaches in the public sector that have made headlines across the country.
“Technology offers us the secure systems we need, but how we work within those systems is what needs improvement,” she says.
Professor Lips, whose role as Chair in e-Government involves research into the introduction, management and use of Information and Communication Technologies (ICT) in the public sector, says there are some immediate steps both individuals and organisations can take to reduce the risk of further breaches.
For an organisation, she says, that could involve providing training so staff are aware of exactly how a technology works and precisely what they can and can’t do when using it.
"Making people aware about certain practices around personal data is an obvious starting point, so for instance sending as an email-attachment a spreadsheet with personal data is clearly not the most secure way of dealing with that data, but people are often not aware of an easy solution, which is to place that data in a secure environment and provide colleagues or stakeholders with access to it."
She says individuals can also ask themselves whether they really need to send all of the information they're about to provide to someone. They should ask: what’s the essential information that needs to be sent? Could I remove some columns and their data? Or could I leave it in a secure space and provide access?
Professor Lips says adjusting businesses processes to integrate safe practices into daily routine will require ICT understanding and attention from all levels of an organisation—not just frontline staff.
“When senior managers are assessing risk they may feel that it’s risky to give more people access to a secure environment, but on the other hand it solves other major problems, such as the risk of a privacy breach.
“I think it’s important to note the privacy breaches we've seen do not seem to be maliciously intended. Individuals should feel free to notify their managers when mistakes are made, and they should be supported when that happens. That’s the only way to learn from these affairs and make improvements so they don’t happen again.”
She says the New Zealand public sector isn't alone when it comes to this issue and points to the UK, as just one example, where there have been high profile cases of data breaches caused by contract employees losing USB sticks or CDs with large volumes of personal data .
Professor Lips says the Department of Internal Affairs leads all-of-government ICT security measures, and useful information about secure ways of sharing information can be found on their website. The Chair in Digital Government at Victoria is sponsored by Datacom Systems Limited, Department of Internal Affairs, FX Networks Limited, and Microsoft New Zealand Ltd.