Posted in Just saying

Security breach in gov services

   27th August 2023  Leave a comment

I used to work in IT security, not in a big way, but it was part of my job to secure up to 35 desktop computers, a few hundred laptops and networked servers, some of which contained half a million recorded of UK customers. So not saying I’m an expert but, unlike our government’s IT security advisors, I know the basics.

These security breaches now seem to be very regular events. This week we have the Met Police, the other week it was the Northern Ireland police, before that there was a string of business hacks including banks. Of course all these will be blamed on Putin, but how does that excuse the dereliction of duty of those who maintain the security of such important data? Well to be blunt it simply does. They should run tests to prevent such issues arriving, the fact they haven’t is a fundamental breakdown of this countries’ data security.

Questions should be asked about even why some of these data was held on internet facing servers. The best policy is to keep them separate, that way it’s not possible to get at the data from outside. Yes, in some cases it’s vital that data is accesses from different locations and in some case the only option is to minimize the risk. But this is top level secure data open to anyone who has the key to the door or can force their way in. It’s simply not good enough.

They are measure that can be taken to make the data both secure & accessible to the right people in the right places. The very first step is to take the data off any network that has internet access. They give restricted access to the network the data is on or even arrange for systems that deliver requested data in encrypted form. Together with regular housekeeping to make sure when and where data is moved & deleting data no longer needed.

These breaches are at such a high level, I would suggest whoever caused the breach or failed to protect the data should be first investigated and at least sacked immediately and never allowed to work at that level again. I’ll end this article by saying the company I worked for, and left because they went back on a promise of promotion, they had a data breach some years after I had left but in the ten years I was there, including installing their first ever internet systems, email, antivirus, firewalls and NAT servers, the was never a problem.

Share:

Leave a Reply

Your email address will not be published. Required fields are marked *