As some chief information officers and their staff members attempt to get their act together when it comes to securing their companies’ sensitive data here in the U.S., there are some governments around the world that are putting their foot down and really making organizations get their act together. While there all kinds of penalties that American officials may be imposing on agencies that fail to comply with certain security standards that ensure confidentiality, U.K. officials could be taking a more extreme approach. With a recent announcement, the government across the pond proclaimed that it will be cracking down on organizations that do not take the proper precautions to ensure data protection, potentially cutting them off from the Public Services Network as a result.
The U.K. offers an ultimatum
According to Computer Weekly, the government office has marked the end of March as the deadline for organizations to pull everything together in terms of their data protection measures. If they are not able to employ all of the necessary tools and associated tactics so they can prevent unauthorized users from accessing information that could put either these firms’ internal operations in jeopardy, or those of the people and groups with whom they do business. While PSN may be setting the bar high for its data security expectations, this agency is enforcing these regulations with good reason. Not to mention, it is willing to lend a helping hand to organizations that do not think they can bring their IT functions into compliance by the month’s end.
Up until this point, various organizations that make up the U.K. government have been operating under the GSi/GCSX Government Secure Network, being able to carry out all of their allotted duties with the help of a unified set of resources. Now, though, officials have phased out that infrastructure, replacing it with PSN and upping the ante with regards to network security. With this switch, agencies have to align their protection strategies with PSN protocol, or else they risk being cut off from the centralized database and all the applications that go along with it, which would ultimately inhibit their ability to function.
A number of organizations do not think that they can put everything in place in time for the March 31 deadline. At the moment, 30 agencies are not currently compliant with the regulations laid out by PSN. Of that portion of lagging institutions, nearly half of them are encountering issues of some sort, but maintain that they will have everything squared away within the few weeks following the cutoff date. Luckily, because these agencies have proved they are, in fact, making efforts to bring their IT into compliance, PSN is willing to give them a little leeway and will not box them out of the network entirely – at least, not yet.
“We’ve got plans and we know what they’re doing,” said John Stubley, operations director for the PSN program within the Cabinet Office, according to Computer Weekly. “There are cases where organizations genuinely have contracts and things like that they have to work through.”
U.S. organizations should secure overlooked IT components
As agencies throughout the U.K. scramble to secure their sensitive information, stateside CIOs may take this as a cue to get a handle on their organizations’ tech functions, ensuring that it is properly protected. Even if these IT executives have taken basic measures to ensure their information is secured, they may be overlooking certain ways in which they are leaving their data vulnerable to hacking.
For example, Computer Weekly reported that one of the most recent trends in office efficiency is multifunctional printing. Although IT professionals may not think about these devices, seeing the reason to secure them as their staff makes moves toward compliance. However, these gadgets present an array of potential problems that companies should address.
Whenever representatives use these printers to scan confidential documents to make copies, email digital versions or store them as computerized files, these devices are storing these sensitive pieces of information. As a result, these can be stored on the printers, left susceptible to being snatched or sent out by anyone using the device.
Bearing this in mind, CIOs should think about classifying all the data they are printing on these tools, ensuring that there are appropriate policies in place that apply to every type of document. This way, IT executives can limit the risks associated with printer-related risks, cutting down the possibility of confidential information making its way into the wrong hands.