Subscribe

Public sector security has to remain a priority

Public sector municipalities can build a culture of security with the right tools, training and technology.

Johannesburg, 16 May 2022

Cyber security is a threat to the public sector. Phishing, smishing, hacks, ransomware – these threats are constant and relentless. Municipalities have to protect their systems and resources from organised cyber crime syndicates that are smart and determined. Over the past year, African infrastructure and public sector institutions have fallen victim to cyber attacks. A fact emphasised in a recent Interpol report on cyber crime in Africa – the report found that a lack of cyber security policies was a risk for the continent, especially as African countries become increasingly digital in infrastructure. According to Henk Olivier, Managing Director at Ozone Information Technology Distribution, the public sector remains a target because it holds a significant percentage of highly valuable data and information.

“There is immense pressure on the public sector to implement robust security controls that minimise risk,” he adds. “However, these tools have to be easy to use and accessible to employees or they’ll simply alienate users and fail to achieve their objectives. Public sector users are under time pressure and need solutions that are simple and effective to do their jobs, securely.”

This is a complex balancing act. On one hand, security has to be pernicious, tight, controlled and vigorous. On the other hand, people don’t want to feel that big brother is watching and controlling their every move. This makes the implementation of a truly robust security solution a careful process that includes users and recognises their pain points. It needs to make their lives more secure not more complicated.

“Perhaps one of the biggest pain points for any user is their password, and having to manage so many different complicated passwords across so many different platforms and logins,” says Olivier. “Many people have to create passwords with capital letters and special characters that are at least 12 characters long and that have to change every so often to meet security protocols. It’s impossible to expect people to remember them, so they write them down.”

It’s a common mistake, along with using poor passwords like ‘12345’ or ‘QWERTY’. People write their passwords on a piece of paper or in a book and these items are easily stolen or copied by hackers or people who have been paid to work from the inside of an organisation. This may sound a lot like a plot from a movie, but it’s very much a part of business reality. Fortunately, technology has been keeping up with what people need when it comes to security as well as what municipalities need.

“One very smart solution for the public sector is Keeper Password Manager,” says Olivier. “This solution is designed to protect users by storing their passwords securely in a centralised database that can only be accessed by them, when they need it. Keeper Business Password Manager protects municipalities of all sizes by ensuring that passwords are secure and secured.”

Keeper uses a proprietary zero-knowledge security architecture and is one of the most audited and certified products on the market. It protects the business and its data while also keeping things simple. Thanks to its configurable roles, role-based permissions and admin privilege controls, municipalities can implement the solution in alignment with existing infrastructure and processes. The software can scale to fit any business size and keeps passwords and private information absolutely secure. All users need to do is create one central password to access the Keeper system, and the other passwords are all stored inside. Access is granted using multi-factor authentication and admins can use the included provisioning, reporting tools and delegated admin functionalities to track trends, areas of concern and more.

“This is just a very simple and smart way to protect systems without having to make users jump through too many hoops,” says Olivier. “Another smart tool that’s highly scalable and flexible enough to support municipalities and public sector organisations is MOVEit. It’s a secure file transfer service that helps audit data movement inside and outside of corporate networks. Considering how much data and paperwork is involved in these institutions, this is a clever tool that fits perfectly.”

MOVEit is secure, auditable, automated and compliant. It allows for seamless on-premises and cloud-based file transfers for sensitive data alongside advanced workflow automation capabilities without the need for scripting. The solution includes encryption and activity tracking toolkits that ensure compliance with regulations such as PCI, HIPAAA, POPIA and GDPR. MOVEit will manage transfers by consolidating all file transfer activities for better management and control; remove human error by automating tasks and workflows without scripting; can be deployed anywhere whether it is on-premises or as a service in the cloud; and is flexibly integrated with any system.

“This is precisely what the public sector wants – a cost-effective and simple solution that makes life easier while embedding security into every crack and crevice,” adds Olivier. “Then, another solution that’s essential to any organisation in any sector, is one that can investigate digital systems effectively in the event of fraud or theft. The latter incidents are inevitable, but with Nuix Investigate, catching the guilty is often just as inevitable.”

Nuix Investigate is one of the most advanced investigation solutions on the market today. It blends cutting-edge digital workflows and graphic analyses with elements of traditional, non-digital investigation to get the results that the public sector wants. This tool offers the public sector the visibility it sorely needs to combat fraud and theft.

“With Nuix Investigate, municipalities can dig deep into the data to find out how an incident occurred, what vulnerabilities allowed for it to happen, and formulate solid response plans to minimise these in the future,” says Olivier. “The software offers powerful visualisations and search capabilities on top of analysis tools that are designed to help government agencies, law enforcement and service providers examine and get answers from their case data. Using this platform, investigators and their teams can make informed decisions and solve cases faster.”

While security will never stop being an issue, there are an increasingly intelligent array of tools that give municipalities better control over the threats and the impact they have. Using smart password management systems, the public sector can ensure that every employee has a high-level password that meets stringent security requirements. Embedding a secure file transfer tool ensures that data is protected at every step in its journey. And, using tools designed to catch crime and criminals, the public sector can use its data to mitigate the threats and recoup losses.

“The future of security isn’t complexity,” concludes Olivier. “It’s smart solutions that just get to work and do what needs to be done – no mess, no fuss and no lengthy integration processes. Users can get started straight away and security is layered throughout the business in a way that’s relevant to how it operates and what it needs.” 

Share

* Article first published on itweb.africa