Compliance, DLP and outbound security | How three local authorities are making security simple for their people

When it comes to data loss prevention, local authorities have a huge task on their hands. A data breach in the public sector, particularly when resident data is in question, is more likely than not to hit the headlines. In terms of reputation management, it doesn’t bear thinking about - not to mention the financial implications.

The fact is, there is a lot to consider: GDPR, HIPAA, NIS2, ISO 27001… the evolving data protection landscape is placing increasing pressure on councils to ensure that their tools are secure, their people are acting responsibly, and that processes are in place to control and manage incidents should they occur. This is an awful lot for IT security teams to consider, particularly when balancing limited resource. 

In addition to inbound attacks, such as malicious actors and phishing attempts, forward-thinking professionals do not underestimate the potential of human risk.

Since 2019, local authorities in the UK have reported nearly 4,400 data breaches to the ICO. Of these, a huge 94% were the result of non-cyber related issues. 

In striking comparison, there were only 16 reported cases of malware, 80 instances of phishing, and 31 ‘unknown’ cyber incidents.

Is this because cyber incidents are simply less prevalent?

It is unlikely. As AI becomes smarter, the NCSC advises organizations to be vigilant, with a focus on raising awareness of growing cyber security risks. But inbound and malicious attacks are not new - this threat type has haunted cybersecurity professionals for a long time. It is far more likely that those responsible for the digital security of public sector organizations have, over the years, built robust strategies to prevent them.

But can the same be said for non-cyber related incidents? The data suggests not.

Which is why attention is now turning to the elephant in the room that is outbound security.

Historically, it has been widely accepted that little can be done to prevent human error. Today, however, AI is empowering employees to avoid seemingly small mistakes that carry the biggest consequences, through machine-learning-powered solutions designed to catch mistakes before they occur.

“We are currently making some improvements on our network and are looking for ways to improve cyber security generally. Information protection and data incidents are a concern, whether it’s a crime or accidental, so Zivver fits into our wider plan.” - South Kesteven District Council

In addition to human error prevention, organizations are also redefining their approach to encryption and data access control. It is no longer acceptable to share data through unencrypted file transfer solutions or instant messaging applications. Data protection standards such as DORA and ISO 27001 emphasize the importance of multi-factor authentication controls; organizations are under pressure to review their systems to manage risk, and to ensure their suppliers have controls in place to guarantee absolute confidentiality of the data they process.

It's time to expect more from our tools.

Data loss prevention is no simple feat, but with tools designed around the needs of people, security leaders can build a robust security framework to combat and control potential data loss.

Here’s how.

Zivver provides intuitive, integrated and cost-effective email security solutions to prevent the leading causes of data incidents for public sector organizations, with:

  • Data loss prevention: Zivver alerts users to autofill errors and to the presence of sensitive data, before they hit send, so they can take action to correct mistakes.
  • Advanced encryption: With one click (or no click, if automated security is more your bag), users can protect data by applying zero-knowledge encryption.
  • Multi-factor authentication: With time-based one-use codes or passwords, users can enable MFA to protect emails from unauthorized access.
  • Recall: Take back control of your data with recall you can rely on - without time limits. Or, set expiration limits on emails and files to align with corporate policy.
  • Large file transfer: Send up to 5TB from your email client - easy.

We’ve welcomed councils across the UK to the Zivver fold, working with their teams to enable effortless security to protect every email and file.

Here are just a few of their stories:

Keeping things simple at Calderdale Council

IT Project Manager, Nick Lund at Calderdale Council knows that to ensure people are being secure, tools need to be simple and smart:

“It’s integral that we protect users from common mistakes, such as sending data to the wrong person. Zivver’s business rules notify employees of the presence of sensitive data, such as National Insurance numbers or financial information, prompting them to encrypt their email and double check the recipient is correct.”

“Implementation was smooth and the Zivver support team has always been on hand as and when needed. They’ve provided support and tips for implementation and adoption.”

“We’ve had lots of positive feedback from staff so far. Zivver is user-friendly and straightforward. Each element of Zivver appeals to different people. Being able to tell whether an email has been opened or not, for example, or sending large files - these are all useful aspects of Zivver which support our different teams.”

Human error prevention at South Kesteven District Council

When an employee accidentally sends a file containing sensitive information to the wrong “Gary”, South Kesteven District Council is ready. 

With access to data showing whether an email has been opened, forwarded, or encrypted, Gary Andrew, IT Services Manager, and Jamie Moses, IT Support Lead, know that it pays to be prepared:

“A neighboring council is using Zivver and a contact there recommended the solution.” 

“Notifications to the presence of sensitive data, for example, are great for employees. That gentle nudge to make them question: should I send this, is this the correct recipient? It’s making them think before pressing send, and this is part and parcel of digital security education.”

“Another common incident is accidental autofill; sending an email to a Gary and forgetting that only yesterday you emailed a different Gary. It’s accidents like this that made us choose Zivver.”

“Data protection and compliance are real concerns for us. If an email is sent to the wrong person, Zivver enables the sender to recall it, without limits. We also have visibility of whether the email was opened by the recipient. Even when we have evidence that a data incident has been avoided, we still report to the ICO and provide evidence of how the incident was controlled. Zivver provides this information with automated audit logs.”

Ensuring compliance with GDPR at St Albans City and District Council

Integration with Salesforce means that teams at St Albans City and District Council can manage resident queries submitted to their online portal securely, via regular email, keeping things simple:

“What led us to Zivver was both a need to reduce the risk of human error and a desire to go above and beyond on data protection and compliance, including with the GDPR. Zivver helps us to do both of these things.”

“Authenticating recipient identity before they gain access to an email is going to be invaluable for our teams. We will use organisation codes stored within Salesforce as the MFA control, but the functionality will also be used within normal email, too.”

“Zivver enables large file transfer up to 5TB which will be very helpful for our teams. For example, our planning department regularly sends large files to external agencies. Our legal team often needs to send bulk information to other organisations and currently they have to upload it to a website. Zivver will make their lives far easier.”

“We engage with many other public sector organisations. For example, our Community Protection team regularly engage with residents who are considered at risk, and the police. While they are already very careful when handling PII, Zivver will provide an extra safety net, and also simplify workflows.”

Streamline email security without causing headaches.

We know the challenges facing local authorities today, from data protection and compliance, to restrictive budgets, legacy tech, and limited security awareness.

Zivver is designed to make sharing sensitive data securely nothing short of effortless. Get in touch to learn more.

Last updated - 09/04/24