COVID-19 has had a drastic impact on how organisations work and operate in 2020 and this is no different for local government.
One of the main changes seen during the pandemic is the rapid alteration to staff’s working practices. While not all local government employees have been able to, many have had to embrace remote working due to lockdowns, having to self-isolate or working at reduced capacity in offices to help keep them COVID-secure. This practice has been crucial in helping authorities to remain operational during a turbulent time. However, it has thrown up challenges such as ensuring staff are working safely while protecting valuable and personal data.
This was highlighted in a recent survey of Public Sector Organisations by Zivver, which found that 43% of IT leaders in local government believed their organisation was ‘less secure as a result of COVID-19’, while 11% of local government respondents were aware of 11-15 data leaks taking place in the past year.
Don’t substitute security for remote working
Drastic changes in location and working practices due to the pandemic have impacted how staff communicate, both internally and externally. Remote workers have substituted face-to-face meetings with digital tools. Local government has coped remarkably well under the extremely stressful circumstances of 2020, but when people are handling so much sensitive data and privacy-sensitive information, mistakes are bound to happen, and they can be costly.
The dangers of data leaks came to the fore recently when the names and email addresses of disabled and special educational needs children were sent out in a mass email by a Bristol City Council staff member. While it’s not clear if this individual was working from home, it does highlight how one mistake could have massive ramifications.
It is all too easy to inadvertently share important, confidential data through insecure, unprotected communication channels, and the impact of the pandemic on our normal working practices, has created opportunities for human error.
With a vaccine now being rolled out, there is hope that we will be able to return to some sort of normality in 2021. While this will be welcomed by many, it does mean that the changes put in place to enable staff to remote work securely may have to be altered once again, as local government employees return to the office. At the same time, many local authorities have said that it is unlikely their full teams will return to the workplace, even once the pandemic has ended. This could mean that any temporary changes to enable remote working will need to become permanent fixtures or upgraded to ensure they are secure for the foreseeable future.
Prioritise email data protection
So, what needs to be done to keep local government communications secure going forward? IT and security leaders should focus more of their efforts on email data protection. Many organisations prioritise preventing cyber attacks, however, these only account for a fraction of data breaches. Whether remote or office working in 2021, this transition period should be used as an opportunity to re-evaluate email security controls and processes, ensuring solutions are in place that help staff work securely without the fear of a data breach occurring.
On-going training is also vital. If staff will be returning to the office, ensuring they are aware of how to keep secure and comply with regulations will help to limit any potential leaks. At the same time, if remote working is going to be the norm for an authority going forward, make sure staff are aware of any solutions put in place to prevent a data breach, how it works and what they need to do to work safely remotely.
COVID-19 has no doubt altered how local governments work and operate. This change should be seen as an opportunity to improve working practices to ensure staff can easily safeguard citizen’s data and comply with regulatory requirements. As we look to the post-COVID world, let’s look to make it one where security is at the heart of communication practices so that employees can work with confidence wherever they are.
Rick Goud is CIO and co-founder at Zivver.