How can the public sector manage the risks that come with the information age?

How can the public sector manage the risks that come with the information age

When historians look back on spring and summer 2017, they will probably write about the unexpected general election result, or the beginning of Brexit negotiations. But perhaps they might also remember it as the time when the world took notice of the threat from cybercriminals.

In May, NHS computer systems containing confidential patient records were hit by a debilitating cyber-attack, believed to have originated in North Korea. A little over a month later MPs found themselves locked out of their emails, and the following week saw a largescale attack on a range of businesses, from food manufacturers to pharmaceutical companies. 

Cyber security is hardly a new issue. It’s been challenging since the dawn of the Internet. But as we explained at the Public Sector Show last month, information is growing on a dramatic and unprecedented scale - by 2020, digital commerce will account for a quarter of the global economy. Every day, more and more information is out there and at risk of being intercepted, stolen or compromised. Unsurprisingly, this poses enormous questions for the procurement of information and content management services. 

This information revolution is incredibly exciting - even given the associated risks - and at Canon UK we can’t wait to see what the next few years will bring. What we do know is that we’ll soon need to store the equivalent of 5.2 terabytes of information in digital form, including written data, video and audio and, of course, images. We expect to see 4.7 trillion photos stored digitally this year alone – up 20% on 2016. All this – and we’re only at the start of the information age. 

Achieving a ‘digital first’ approach 

The public sector must be part of the information revolution, not least to enable it to meet the original Beveridge Report ambition of delivering personalised and relevant services throughout a person’s life. Citizens rightly expect the joined-up digital life in their public services like they experience in their dealings with private businesses. This hyper-connected world also presents huge advantages to those working in the public sector, they can now access to an abundance of data when and where they need it, in the format that suits them best. 

Of course, public sector organisations generally have smaller budgets and more constraints than some businesses. Nevertheless, achieving a ‘digital first approach’ that suits their needs and those of citizens is not impossible – in fact, things like cloud services often have the added benefit of giving smaller players the power of bigger organisations. 

So how can the public sector manage this information effectively? It comes down to three things - capture, process and deliver. These three elements provide a world of opportunities for innovation. 

Ultimately, there needs to be a process of optimisation, transformation, standardisation and digitisation, enabled by tools such as the cloud. It will take improved collaboration to break down silos and minimise complexity; as well as strengthen security and compliance, and ways of working that does more with less. 

A huge responsibility 

The possibilities for how technology can improve public service delivery are endless. Already, much of our interaction with public institutions is digital; whether that’s contacting the council, emailing your child’s teacher or making a charitable donation. And that’s only the tip of the iceberg. 

Crucially, these opportunities must be seized while managing the associated risks. Given the kinds of sensitive and important data these organisations hold – and the rate at which this is increasing - those in the public sector have a huge responsibility to store data safely and securely, and be on the front-foot against cyber threats.   

The ‘Internet of Things’ is a term people assume applies to fridges that tell you when you’re out of milk or coffee machines that remind you to buy beans. But it goes far beyond that. Public sector offices are part of the IoT, thanks to wireless projectors, CCTV, video conferencing, or printers accessed across a company-wide network. 

These devices are internet-connected, constantly communicating with other appliances, and potentially exchanging private information. Yet while hackers are lining up to undermine them, in my experience, people give little thought to making these devices more secure, usually leaving settings at default. 

Take a printing network. A printer is, essentially, a fully functioning computer that is the interface between your physical and digital world. It is a hugely powerful, hyper-connected device, regularly handling everything from letters to emails to invoices, contracts, and customer records. And yet earlier this year it was revealed that printers could be easily hacked via Postscript commands, exposing huge vulnerabilities that are widened by people assuming printer security is somebody else’s job. 

Opportunity outweighs the risks when it comes to printers, so it's important they're secure. To achieve this we need a sea-change in attitude. Instead of starting with the assumption that devices are secure and that content is being held without risk of interception, we need to assume they are not and think about how to change that. 

That means ensuring printers and other IoT devices are configured correctly and that security settings are under review. It means evaluating what data is business critical, training staff to prioritise security, and assuming all devices are leaking information and actually looking at the network traffic. It means thinking about the information we send and protecting it as we would if we were making a bank transfer or sending confidential files through the cloud. 

Getting it right for your organisation 

Not every organisation needs privacy levels that require vein or handprint authentication –technologies that are out there right now. Different sized organisations delivering different kinds of services will have differing requirements. There’s no one model to follow. But with the scale of growth of information in the public sector, procurement decisions need to be made with these considerations in mind. 

Those working in procurement need the right kit with the right configuration options for the scope of their work and size of their operation. We know that that’s easier said than done, which is why we’re pleased to be part of the Crown Commercial Service framework. Some 17,000 public sector organisations can compare machines and specifications easier than ever before thanks to our CCS RM3781 framework. This enables them to efficiently source printing, imaging and content management services, at a lower cost and with less waste. And because a small school will have different needs than a local authority or a hospital, and different answers to the questions I raised above, we offer three lots so that every organisation gets the right equipment and services. 

Over time, the considerations around information security will change, just as the ways in which we capture and store information and the uses for this are bound to develop. Canon UK is excited to be a collaborative partner in this changing landscape and help find solutions to the challenges it poses.

Embracing a digital first approach can be rewarding rather than risky. There will always be cyber criminals, and there will always be threats to information safety and security. But there’s no reason for the public sector to be held back by this - not when you consider the opportunities of the information age to deliver better services, more efficiently, for the good of us all.