It is with satisfaction we note that the data inspection Board’s director general Lena Lindgren Schelin share our view that the digital disasters threatening the digitisation and the citizens ‘ trust if we do not put in more effort to do things right from the beginning.
It is alarming that it is reported more than 2.200 personuppgiftsincidenter to the data Inspection board in 2018. Most of these are said to depend on the human factor is at the same time not a surprise to anyone. The people who will be developing and maintaining the digital systems throughout their life cycle and those who will use the systems must all be concrete and relevant education and skills.
to handle it, we can’t just blame on the human factor. In order to reduce the gap requires a systematic information campaign and a clear leadership, where leaders:
• determine the security flaws that exist in the business
• determine what risks the business has and how serious they are
• Formulate safety performance goals for the employees to know what is required.
• Provides employees with the necessary mandate and the necessary conditions for it to work long-term.
the Security of one’s business is a management matter, therefore it must also be säkerhetskompetens in the lead. Each business must identify what is skyddsvärt for it. Based on the identification, it is important to give clear instructions for what is allowed and not and staff need to be trained in the safety procedures.
In this type of environments, the cords cannot be solve. There must be the basic features that lösenordsrutiner, power management, encryption for protection of sensitive data at both the storage and the transport, procedures for changes in network, security monitoring, firewalls, independent audits, et cetera, is a long series of basic protections that must be in place precisely in order that people will make errors.
It is not good security to point out the user that is the weak link. Good security starts from the recognition that it is not possible to prevent people from ever making mistakes. Good security, however, prevent the occasional mistakes that cause disasters. Many of these mistakes can be detected with very simple controls. The absence of order and out, poorly implemented, or even the absence of protection is not ”the human factor”. To say that the errors due to human factor and the stay there is dangerous in the same way as it would be to in the care sector see felmedicineringar and malpractice, human error, without introducing control structures which are based off such mistakes. Where we are likely in agreement.
We eagerly look forward to the outcome of the audits that the data Inspection board has launched, and hope that the incident served as a wake-up call for many other activities.
