How the new Labour government can maintain effective cybersecurity throughout the public sector – contribution from Yubico?
July 2024 by Niall McConachie, regional director (UK & Ireland) at Yubico
The new Labour government has come to power at a time in which the United Kingdom is facing an ever-growing number of cyber threats. For instance, residents of Dumfries and Galloway in Scotland received letters informing them that their medical information may have been compromised by cybercriminals who targeted the National Health Service (NHS) in a ransomware attack earlier this year.
As such, it’s imperative for the new government to ensure that all public sector organisations are resilient to and adequately protected from cyber threats. Niall McConachie, regional director (UK & Ireland) at Yubico, advises how best to maintain effective cybersecurity throughout the public sector:
“A lot of the challenges around maintaining effective cybersecurity throughout the public sector come from ensuring that internal login methods are as secure as possible. Today, many organisations are overly dependent on the use of outdated methods such as passwords and usernames and mobile-based authentication. Of course, these methods are better than having no cybersecurity measures at all, but they are significantly less resilient against modern cyber threats when paired with poor cyber hygiene. It is vital that public sector organisations frequently train their staff on best-practice cybersecurity habits and explain how employees could put the organisation at risk.
“As part of ongoing digital transformation programmes, public sector organisations are increasingly opting for more modern, robust and user-friendly forms of multi-factor authentication (MFA) and two-factor authentication (2FA). Strong MFA authentication solutions – such as hardware security keys or identity credentials unique to a specific user, such as fingerprints – remove the reliance on passwords or mobile devices and allow users to seamlessly access their digital accounts by presenting phishing-resistant authentication.
“Instead of making staff responsible for following the recommended cybersecurity practices, public sector organisations should strive to make life simpler and safer for everyone by implementing phishing-resistant passwordless solutions. Although implementing any form of change is not an easy feat, providing effective data protection and securing our most valuable information is a top priority, especially when it concerns critical public services.”