How public sector organisations can protect their data

In today’s interconnected world, global digital connectivity is more pervasive than ever before. With technology developing at a rapid pace, and organisations embracing new digital solutions at an unprecedented rate, we are also witnessing a simultaneous rise in the scale and impact of cyber threats and attacks.

For public and social sector organisations in the UK, the risks associated with data breaches are even more significant. The very nature of the public sector requires the storage of vast quantities of classified and personal data, which demands the highest levels of data protection. However, this also makes the sector a prime target for cyber attacks, which can severely disrupt the delivery of essential services to our society’s most vulnerable, and significantly damage reputation and public trust.

High-profile cyber attacks aimed at local authorities are on the rise. In 2021, one local council fell victim to a cyber attack that compromised its IT systems, disrupting a number of services for thousands of residents, including benefit payments, planning applications and house sales, and blocking councillors from emailing other organisations. Not only do the problems caused by cyber attacks take months to resolve, but rebuilding the affected servers comes at a huge cost to the taxpayer.

Cyber threats in the UK public and social sector

Public and social sector organisations in the UK typically have stable IT systems for core operations like financial processes. In most cases, these systems adhere to industry-standard configurations. However, it remains a public sector imperative to ensure the implementation of security best practices and data protection in line with UK-specific regulations and guidelines.

The vulnerability of public sector organisations to cyber attacks also increases when they implement tailored technology solutions. For example, a healthcare organisation will have systems for storing data which are specific to their needs. While the core IT system itself may not be bespoke, it’s often customised and connected to web applications that use the internet, which is where the risk of a breach increases.

Mitigating cyber risks

The top priority for public sector organisations is to ensure that those with access to their IT systems are educated in cyber security best practices. They need to be well-informed about the data they handle, and stay vigilant against common cyber attack methods, such as phishing emails. These are emails which contain malware: software intentionally designed to disrupt, damage, or gain unauthorised access to a computer or device.

One local council recently noted in their audit committee minutes that they had seen a 50% rise in phishing emails since January 2022, with an average of 30,000 attacks per month in October and November 2022. This alarming increase in the volume and scale of attacks emphasises the need for the public sector to adopt robust protection measures and remain vigilant.

Strong multi-factor authentication implemented across systems will also help reduce these risks. Many organisations still rely solely on user IDs and passwords, which provide limited protection. Multi-factor authentication offers much stronger security.

Another important way to mitigate cyber attacks is segmentation. This involves creating separation between dynamic internet-facing web applications and the back-end systems where sensitive data is stored. That way, if one system is compromised, the whole database is not compromised.

Continuous monitoring of software also plays a critical role in mitigating cyber attacks. Software often contains vulnerabilities that are easy for cyber attackers to exploit. It’s therefore important for organisations to promptly locate and ‘patch’ these vulnerabilities. For example, when software providers release security updates, they should be installed immediately to prevent cyber attackers from exploiting any vulnerabilities. Vulnerabilities become public information very quickly.

Read our latest report, Future-proofing cyber security in an increasingly digital world, for an in-depth guide on how to understand and mitigate cyber risks.
