Government agencies at all levels – national, regional, and local – are struggling to meet two conflicting imperatives.
One demand is for transparency: constituents (individuals, businesses, and other organisations) increasingly expect that information in the hands of government will be accessible to and usable by everyone with a legitimate interest in it. The offsetting demand is for accountability: constituents and lawmakers want government agencies to ensure that the information they are charged with protecting is secure and that personal information – in particular – remains private.
The scope of this challenge can be seen from recent studies of data breaches in the government sector. The UK’s Information Commissioner’s Office (ICO) reported that the number of data security incidents in the local government sector increased by 34% compared to the previous quarter, and found that the most prevalent incident type between January and March was paper-based. In 2015, Ponemon Institute placed the worldwide average total cost of a data breach in 2014 at £2.5 Million, and estimated that in the public sector, the average cost per stolen record was £50.
Against this backdrop, government agencies are taking an especially hard look at their document-based workflows – the processes by which they receive applications, administer benefits, respond to enquiries, request proposals, and so on. Many of these workflows depend upon a mixture of paper and electronic data; outdated analogue equipment (e.g. fax machines) and today’s computing hardware; and human or system-driven reviews and approvals.
The sobering reality is that every “touch point” in these document-based workflows is also a point of vulnerability. Every time a document containing protected information is created, scanned, copied, printed, faxed, or emailed, a citizen’s private information is at risk of exposure, and a government agency is at risk of fines or legal sanctions.
In a recent post, we discussed how agencies can address the inefficiency and risk of paper-based processes, by replacing manual steps with an automated approach. Here, we look at how agencies can ensure the secure and compliant handling of information via smart devices – notebook computers, tablets, mobile phones, and multi-function printers (MFPs).
Mobility can be a mixed blessing
Mobile devices such as smartphones and tablets can provide compelling improvements in convenience, ease of use, and accuracy. But whether they are owned by an agency or its employees, they can also be lost, stolen, or used inappropriately in the workplace.
Digital MFPs, if not secured, can be used to make unauthorised copies or scans. In the absence of encryption and file-destination control, they can be used to email sensitive information to unauthorised addresses. Documents stored on the MFP’s hard drive can be improperly printed out, or copied onto a USB stick.
The only way to protect data at rest, data in motion, and data in use is with a system that combines enforced (but unobtrusive) user authentication and authorisation with automated encryption, destination and output controls, and audit trails. This kind of system empowers a government agency to assure the integrity of protected information, no matter what device has accessed or transmitted the documents containing that information.
Securing information at every touch point
A new Nuance white paper, “Securing, Automating, and Mobilising Government Workflows,” explains how an advanced capture, workflow, and print management solution achieves these goals. It details nine essential best practices for securely handling documents that contain protected (or protectable) information:
- Require user authentication
- Restrict access based on user authorisation
- Centrally audit all network activity
- Encrypt data to and from MFPs
- Only release print jobs to authorised personnel
- Implement rules-based printing
- Enforce trusted network destinations
- Monitor and control personal-information activity
- Standardise and integrate network scanning
By applying these best practices automatically, this solution adds a layer of security and control to any government agency’s document-based work processes. It enables agencies to create, access, and share information that is protected (or protectable) securely, throughout every step in a workflow … and to bring the goals of transparency and accountability within reach.