2020 was a year of unprecedented challenge for anyone working in public sector cybersecurity. As well as juggling the usual trials and tribulations that come with working in cybersecurity, it was a year that brought a global pandemic. This meant that almost overnight, employees had to work from home and cybersecurity teams had to do everything in their power to ensure that systems and data remained safe and secure.
With no immediate end in sight to the on-going COVID-19 situation, it looks like homeworking and all the attendant cybersecurity threats that come with it will continue for some time. Even if the vaccines work and the world returns to a semblance of normality later in 2021, it looks like the pandemic has changed our working patterns for good – according to a survey by Price Waterhouse Coopers, 83 percent of workers want to work from home at least one day a week and 55 percent of employers anticipate most of their workers will do so long after the pandemic has passed.
What does this mean for cybersecurity in the public sector in 2021 and what can organizations do to improve their security posture?
Increase Cybersecurity Awareness and Best Practices
Clearswift launched research with UK public sector cybersecurity workers in May 2020. The Unknown Threat sought to highlight areas of vulnerability in the public sector and bring to light any areas of poor practices that cybersecurity teams might be unaware of. Although the UK public sector has made great advances in cybersecurity over the past four or five years, the findings in our research were concerning.
There was a widespread lack of awareness of cybersecurity, with almost half of respondents having either not heard of, or not knowing what ransomware is. Outdated operating systems are a common point of entry for cyber-criminals, and the research found that 11% of public sector employees were still using Windows 7 - this has not been supported by Microsoft since January 2020.
This all makes very clear the requirement for training and best practice guidance for employees. If an employee can at least recognise a malicious email, then they will be far less likely to click on a link or open a file or image containing ransomware. This need has only increased since the emergence of COVID-19, as a distributed workforce lacks the usual corporate cybersecurity defenses and is perhaps more distracted when juggling work with home-schooling.
Prioritize the Security of Data
Remote collaboration increases the risk that an organizations’ data is not always shared securely 100 percent of the time. With employees sending and receiving sensitive information to each other or to third parties, files can be easily compromised unless protected by a secure solution.
Manage File Transfer (MFT) solutions automate the safe transfer of files, both inside and outside the organization. Fortra's award-winning MFT solution uses encryption and authentication to keep sensitive data secure when sharing files. Without an enterprise solution in place, employees may revert to using software they are familiar with, such as DropBox, Google Drive and others, and while these are fine for personal use, they can’t assure the comprehensive protection a public sector organization needs to minimize data loss or cyber threats.
Combining MFT software with Clearswift’s ICAP Gateway creates an even more effective solution as files are automatically sanitized of embedded cyber threats such as ransomware and any unauthorized sensitive data is removed.
Manage Digital Transformation and the Move to Office 365
Digital transformation has been an objective in both the private and public sectors for a number of years now, and while there has been undoubted progress, there is mounting pressure for the public sector to go even further. This includes the digitalisation of many services and investment in modern systems that help people access government data online.
COVID-19 also served to accelerate many trends that were already gathering pace and momentum, and one-such digital transformation trend is the move to Office 365. The effectiveness of this comprehensive collaboration suite is undeniable with many public sector organizations already benefitting from its cloud-based capabilities. But in the rush for cost-effective deployments, are public sector organizations missing out on vital security for emails for example because the level they’ve bought into does not provide adequate protection for sensitive data or cyber-attacks?
Clearswift’s email security solution is used by many public sector organizations to close these gaps in security. Working in parallel with Office 365 deployments, it provides more robust and rounded protection from ransomware threats and sensitive data loss.
Building for 2021 and Beyond
It is going to be another tough year for cybersecurity teams, balancing the day-to-day security demands – made even harder by the on-going pandemic – with the need for digital transformation and adapting to the future.
Achieving both requires a combination of agility and forward-thinking. Increasingly this involves working with in partnership with cybersecurity vendors who can provide and integrate best-in-class solutions. Fortra Data Security Tools help keep public sector organizations safe and secure from the ever-evolving challenges that face them.