Is information loss a risk on your corporate risk register? If not, why not? As one public body told us today, it is the number one risk on their’s.
Why? Basically because the information we hold is of increasing value and there are an increasing number of “baddies” trying to get hold of it or cause disruption to it. In fact according to colleagues at CESG there were 5.1 million electronic crimes in the UK in the year to 20 June with almost 50% resulting in a financial loss. This is compounded by severe reputational damage in the case of organisations like TalkTalk.
Reflecting their communities and users, local public services are increasingly becoming information enabled organisations. With local policies shifting towards early intervention, prevention and coordinated support, there is an inherent need for organisations to use data in more intelligent and secure ways. This trend is going to be one of the defining features of the next five years and those that do it well will be much better placed to lead and support their communities effectively.
Critically organisations are going to have to be confident that their collective information is up to the job and that it is being looked after properly. This is a difficult case to make when savings requirements are driving job losses across the sector in front line roles.
One view to take is that investment in good information increases the productivity and value of remaining staff. Some examples:
– NHS and social care mobile workers have been shown to be up to 35% more effective when they can avoid using paper and having to come back to the office to type up notes.
– One upper tier council in the North has reduced its social care costs by £3m by moving to a multi-agency, co-ordinated assessment and engagement model where information is shared, visits reduced and support coordinated.
– Rochdale council is data to crack down on rogue landlords, CSE, illegal immigration, council tax fraud, illicit trade with 182 prosecutions so far (http://www.towerfm.co.uk/news/local/crackdown-on-rogue-landlords-in-rochdale/)
– Wigan Council has reduced social care costs by £4m and improved service user satisfaction through the “Wigan Deal for Social Care” initiative, part of which is helping users navigate a complex public sector (https://www.wigan.gov.uk/Council/The-Deal/The-Deal-for-Adult-Social-Care-and-Wellbeing.aspx)
There are some other excellent examples in the Finalists of the iNetwork Innovation Awards which you can view here
The point is to say that, whilst we try to sort out our information, unpleasant people are trying to steal or damage it for a variety of reasons. The good news is that tentative steps are being taken to bring local government in from the cold and help them benefit from the support provided by the national cyber security machinery.
What can you do? First off, come to one of the eight “Think Cyber, Think Resilience” days being organised by iNetwork around the country for the Dept of Communities and Local Government and its National Cyber Security Programme partners.
Yesterday we held the third of these in Bristol and the 60 or so people there rated it, by and large, Good or Excellent. The headline question asked by colleagues was “How do we stop this being an ICT issue and recognise that it is in fact a digital culture issue for entire organisations.” At the end of the day, people left feeling inspired, confident and motivated to start taking steps towards better cyber security in their respective organisations. One delegate commented “If the information from this event is shared on a wider scale, we would start winning the cyber war”.
The upcoming events in London and The North West are full so we are looking at creating more space, but there are others. You can find out more about all of them via http://www.eventbrite.co.uk/o/inetwork-1443325044 .
These aren’t about preaching to the converted – encourage your organisation’s policy and strategy makers to come as they’ll gain an understanding of not only why this is important but also the support on offer. Frankly your organisation won’t achieve its policy objectives over the next five years without getting cyber resilience right.
Second if your organisation is a member of iNetwork, or thinking of becoming one, then make sure you’re taking advantage of our Warning Advice and Reporting Point services and meetings. The WARP is part of our wider Effective Information Sharing & Security Programme and sits alongside our Innovative Access to Public Services Programme. It’s no coincidence that our members dip the national trend on data protection breaches!
For more information see https://i-network.org.uk/ and get in touch.
Photo by purpleslog