Politics.co.uk

Public sector ‘complacency’ on IT security

Public sector ‘complacency’ on IT security

There is still a “culture of complacency” over IT security in the public sector, according to a new report from the Audit Commission.

The public spending watchdog’s seventh report into IT abuse in the public sector also found a significant rise in staff accessing inappropriate material such as pornography.

Today’s study, based on a survey of over 400 public sector organisations including hospitals, police and local authorities, identified 200 cases of IT fraud and abuse.

Fifty-two per cent of these cases involved staff accessing inappropriate material – a 13 per cent growth from 2001.

The commission warns that the public sector is only slowly reacting to new technologies such as handheld computers and wireless networking.

It identified a “culture of complacency” and a failure to ensure that staff understood IT security rules.

Chief executive Steve Bundred said: “The growth in new technology – through PDAs and wireless networking, for example – coupled with the greater sophistication of hackers and fraudsters, mean that the risks remain significant. ICT security is only as effective as the staff within the organisation, and too often we are finding that staff are unsure of their role.

“If we fail to get this right we risk eroding the confidence of citizens in the electronic systems that underpin public services.”

He called on all public sector chief executives to review their IT policies against best practice guidelines.

A spokesman for the PCS, the main civil service union, said it was vital that there were clear guidelines in place across the public sector.

He emphasised that union did not “condone computer misuse and the viewing of pornography at work” but said standards of acceptable use varied across sectors.

He added: “What there needs to be in the civil and public sectors is a clear, consistent set of guidelines on what constitutes computer misuse, what constitutes inappropriate material to be viewed, and staff need to be made aware of these policies in order to avoid confusion.”