Friday, 5.07.2024
eGovernment Forschung seit 2001 | eGovernment Research since 2001
It's time to start thinking: "what if...?"

As more and more public sector websites become transactional in the countdown to 2005, the issue of IT security is going to get hotter and hotter. Performing online transactions of any nature opens up a Pandora's Box of security issues, as the Inland Revenue found out to its cost last year when it suffered a high-profile security glitch with its internet self-assessment system.

Unfortunately, it's unlikely that this will be the last of such problems.

So far, very few local council websites offer transactional services - just one per cent, according to last year's figures from the Society of IT Management.

As a result, many public sector IT professionals have yet to encounter the full complexity of the security measures required to protect their systems, and their customers, from the dangers of the web.

Whitehall identified these risks in a security framework document published last year, to alert the public sector to the threats of hacking, viruses, denial of service attacks, organised crime and the internal misuse of IT systems.

It may well seem alarmist, but the threats are real, and websites are increasingly becoming a target.

According to a survey by the Department of Trade and Industry, one in five UK companies have suffered a website security breach.

So how can IT professionals in the public sector survive the online security rollercoaster?

Unless you're responsible for the security of your organisation's IT infrastructure, becoming a world authority on the intricacies of Secure Sockets Layer technology or intrusion detection systems will not be necessary. But there are some basics that every IT professional should know.

Ensuring you have adequate budget to cover new purchases or services may seem obvious, but it's a fact that many departments overlook.

Experts recommend that organisations spend about three per cent of their IT budgets on security, but the majority only spend about one per cent.

Spending these funds wisely can be a long and complex process. Security is big business - one of the few IT sectors that is growing.

As a result, there is a huge range of products to choose from. Rather than focusing on the products, think about the three main functions of security technology: protection, detection and response; and how these apply to the website infrastructure.

If your organisation doesn't have an active security plan, try to ensure it has one before the website starts performing any transactions.

Security plans vary depending on the organisation, but each should include a security architecture guide, an incident response procedure and 'acceptable-use' policies.

It's important that the IT department, and the rest of the organisation, understand the risks of being online, as well as more basic threats such as poor password systems.

These risks need to be assessed regularly as the e-government agenda changes the nature of the organisation, its IT systems and processes.

Independent testing and monitoring of your security systems can help mitigate these risks, but no IT infrastructure can ever be completely secure.

Effective security isn't just about technology; it's also about an organisation's employees. It's important to communicate to staff that they have a responsibility to use technology securely, and don't forget that a large proportion of security breaches come from within.

Pre-empting the numerous "what if?" scenarios that could lead to such a security breach is an impossible task.

But by arming yourself with a basic understanding of security, and keeping up to date with new technologies and threats, you will be able to help stop the lid of Pandora's Box flying open at every opportunity.

Source: vnunet