Proactive Security Strategy for the Public Sector (10 Steps, Part One)

September 1, 2020

The U.K. public sector holds some of the most important and sensitive data in the country, from private medical records to military intelligence. Consistently protecting this data is a major priority, which means the IT teams working within the public sector are entrusted with implementing the most effective security measures to prevent attacks or internal mishaps.

Changing how organizations think about security to enable everyone to more proactively fight cybercriminals may be the most crucial and necessary change to make. Across this two-part series, we’ll look at the top 10 steps to achieve this.

  1. Talk More About Risk and Less About Security

Discussions often focus on a black-and-white view of either being secure or not being secure, which tends to deny the reality of the situation. Instead, IT teams should focus on risk, including the following:

  • Considering how much risk the organization faces. Instead of focusing on security measures, determine how damaging a data breach could be to the organization’s reputation or bottom line. By talking seriously about risk, executives and other stakeholders can see and understand what’s at stake, making them more likely to prioritize security.
  • Setting security metrics. Security metrics demonstrate the value of the security measures in place, provide a health check on security, and identify areas for improvement. For example, tracking the percentage of programs without the latest security patches can highlight potential security holes.
  • Ensuring lessons are learnt. With the ability to measure key indicators in the environment, teams can improve their processes. For example, measuring how quickly a team responds to security incidents can identify whether the processes need to be improved.
  2. Learn About the Tech Environment

When it comes to protecting the public, organizations need to know their most important data and assets. They likely already have a plan in place to maintain and protect key servers or critical endpoints—now, they must determine the key elements within these.

To start, organizations must define their key applications, systems, data, and employees. Doing so enables IT teams to put processes in place to protect them. In many cases, if an individual is compromised, the organization could be devastated.

Key data is likely to be another big focus. For example, health records contain a vast amount of sensitive data, often leading to a lucrative payday for cybercriminals. Organizations in the public sector should define their vital data stores, heighten security around these items, and regularly review their security policies for these items. While it’s impossible to secure everything, defining and protecting these items should be the top priority for anyone providing cybersecurity.

  3. Strive for Effective Cyberhygiene

The fundamental rules of cybersecurity still apply—teams need the right technology, processes, and effort to improve security and reduce risk. Remaining vigilant about security maintenance can prevent potential disasters. The simplest attacks, like phishing attacks or malicious email downloads, often succeed.

To ensure organizations keep on top of this, they should do the following:

  • Put strong antivirus on every endpoint
  • Regularly patch all systems and software
  • Implement a strong backup and business continuity plan
  • Stay vigilant against spam—this includes putting technical safeguards in place on mail servers
  • Reduce the potential attack surface wherever possible by cordoning some machines off from the web or using virtual machines
  • Set up incident response and remediation plans ahead of time
  4. Consider Different Security Needs for Every Level

Organizations should work with their leadership teams to make the wisest investments, determining the organization’s key priorities and the best level of security while considering worst-case scenarios.

One of the best adjustments to make moving forward is to provide proactive, periodic updates to the leadership team. Revisit the level of security every quarter or semi-annually, as this may help executives stay prepared for potential threats.

  5. Solid Security Builds Trust

Building trust between public sector organizations and citizens helps ensure the country works in harmony. With government and healthcare organizations holding some of the most sensitive and private information in the U.K., the public needs to be reassured the security measures in place are strong enough to keep their data safe.

Find the full article on Open Access Government.


Sascha Giese holds various technical certifications, including being a Cisco Certified Network Associate (CCNA), Cisco Certified Design Associate (CCDA), Microsoft Certified Solutions Associate (MCSA), VMware Technical Sales Professional (VTSP), AWS Certified Cloud Practitioner, and Network Performance Monitor and Server & Application Monitor SolarWinds Certified Professional® (SCP). He has more than 10 years of technical IT experience, four of which have been as a senior pre-sales engineer at SolarWinds. As a senior pre-sales engineer, Sascha was responsible for product training for SolarWinds channel partners and customers, regularly participated in the annual SolarWinds Partner Summit EMEA, and contributed to the company’s professional certification program, SolarWinds Certified Professional.