Public sector failing to manage IT abuse

Jun 14 2005 by Nic Paton Print This Article

Abuse of workplace computers, including viewing online pornography while at work, is still a major problem for the public sector in the UK, an influential study has suggested.

A survey by the Audit Commission has found that IT fraud and abuse are still posing "major problems" for the public sector, with the situation made worse by a "culture of complacency" among managers.

The commission warned that new technologies, such as handheld devices and wireless networking, are creating fresh risks, to which public services are only slowly reacting.

Although there were better security systems in place, complacency and a failure to ensure staff fully understand the rules were undermining them.

The survey, carried out in 2004, polled more than 400 public sector organisations, including NHS trusts, local authorities, police and fire authorities. A total of 200 cases of fraud and abuse were identified.

Since its last survey on the issue in 2001, there had been action on improving security, with policies now in place at 96 per cent of organisations.

There had also been a fall in the incidence of "business disruption" (viruses or other deliberate acts aimed at denying users access to systems), which this time made up only 20 per cent of cases compared with 39 per cent in 2001.

But the report also showed a 13 per cent growth in "reputational risks", including staff accessing pornography or other inappropriate material, (52 per cent of cases in 2004 compared to 39 per cent in 2001).

Financial fraud continued to mount, with 28 per cent of cases in 2004 compared to 22 per cent in 2001).

Just half of the firms polled gave staff training in IT security systems, and only a third informed their staff about their security policy and what staff should be doing.

Audit Commission chief executive Steve Bundred said: "ICT security is only as effective as the staff within the organisation, and too often we are finding that staff are unsure of their role.

"If we fail to get this right we risk eroding the confidence of citizens in the electronic systems that underpin public services."