Too often electronic systems have replaced paper based procedures without effective training, says broker
Nigel Jones, director and IT forensic expert at Aon, commented on the recent HM Revenue and Customs data leak: “It’s a naïve attitude to blame junior officials for the HMRC data leak, rather than organisational failure. The human element is often the weakest link in data management but staff education is usually low priority. An assumption prevails that “people will do the right thing” but this is a dangerous approach – what training did the “junior staff” receive that would enable them to recognise the dangers of their actions?
Aon’s advised taking the following steps:
• data should be separated so that if one part of it goes missing, it would be of no intrinsic value to the person in possession;
“Too often electronic systems have replaced paper based procedures without effective training of staff.
Nigel Jones, director and IT forensic expert at Aon
• each data set should have been separately encrypted – simple password protection is a weak form of protection
• use of secure encrypted data transfer systems to connect government departments without the need for transferring data using disks.
Jones added: Public sector organisations are being encouraged by central government to adopt “E” solutions, driven by cost savings. But not enough of these savings are being applied to proper data management, information security measures and educating staff on the use of the technology and the risks it carries. Too often electronic systems have replaced paper based procedures without effective training of staff. Many public sector organisations now have IT risk as a priority in their risk registers but few have taken action to mitigate the new risks they have identified.