Swedish National Audit Office: This is how we in practice can create a safer Sweden and safer citizens

The information security in the state administration is not at an acceptable level according to a report from The Swedish National Audit Office, Riksrevisionen. These flaws can have serious consequences for society.

Here are ten steps to effectively secure Swedish authorities – and also protect Swedish residents while making authorities more accessible to citizens.

1. Create traceability – who has done what in public IT systems? Find a balance between monitoring of employees and citizens and the effect of it.

2. Determine which users have access to which IT systems, and what kind of systems have access to other systems. For example: Which alarm systems can communicate with other systems and can certain medical devices talk to other systems or appliances?

3. Define and control what kind software may be used. Old software is always less secure than newer versions.

4. Use a good management system that monitors compliance.

5. Find the right level of IT security. It is entirely dependent on what kind of information is being processed. Military and intelligence data must be kept safe from intruders while information contained in other state authorities should be properly classified and publicly available.

6. Don’t forget the life cycle management of IT systems, staff and hardware. If a public employee is leaving a position and the computer is sent to destruction but is still valid in the system, it is easy for unauthorized persons to use the computer to log on to the authority’s internal IT systems.

7. Use technology that simplifies and speeds up tedious and time-consuming procedures. Poor usability is making users fail to follow the security procedures.

8. Handle identities in an automated and secure way. Passwords can easily be used by unauthorized persons while physical ID cards or card readers often are too complicated to use. Solutions like mobile BankID enhance compliance with safety procedures because the solution is simple and easy for the user.

9. And do not forget that IT security is an investment – not a cost. Modern history is full of very costly and dangerous intrusions.

10. In addition: in the same way as a good environmental performance can boost your reputation, cybersecurity can be used as a confidence gauge. Who wants to go to a medical center that is messing with the patient’s medical record or who trusts an authority that is careless with personal information?