1. Home
  2. News
  3. Uncategorized
  4. Municipalities must take IT security seriously

2017.08.18

Municipalities must take IT security seriously

IT security has suddenly risen to the political agenda since the IT scandal at the Swedish Transport Agency broke earlier this summer. Now, an IT index developed by information security companies and Stockholm University shows that the finance and insurance industry is best at IT security, while municipalities come in last.

”"There is a naivety among the municipalities. Unlike the county councils, which realize that they have a lot of information that needs to be protected and that they must handle securely, it is as if the municipalities do not even understand that they are sitting on all this information," says Anders Stromberg to Swedish Television. He is the marketing manager at the company Advenica and one of the architects behind the index.

There is a lot of data about us citizens that is stored by the municipalities. Regardless of whether you apply for a building permit, a preschool place or contact the municipality via the website, your information is registered in one of the municipality's various IT systems. In addition, the state has transferred more and more tasks to the municipalities, which means that they are responsible for more and more: childcare, schools, elderly care, some healthcare, care for the disabled, rescue services and housing.

And everything requires its own IT systems.

As citizens, we are expected to handle more and more of our affairs via e-services. And as soon as you fill in your details or ask a question in an e-mail form, your personal data is stored. As soon as you click "Send", you have given your consent to the municipality storing your personal data.

Municipalities are required to conduct risk and vulnerability analyses. When the Swedish Civil Contingencies Agency, MSB, presented an in-depth analysis in January, it turned out that 70 percent of the country's municipalities lack systematic work on information security. In 40 percent of the municipalities, a risk analysis is missing and just as many municipalities lack a designated function with responsibility for information security. This is, of course, not good.

”"Now it's up to municipalities, county councils and regions to take this information into account. We should ask them the question - do you take IT security issues seriously?"

In the government, the Ministry of Enterprise, Innovation and Technology is responsible for IT issues, among other things. Peter Eriksson (MP) is the Minister for Digitalization, so it can be assumed that IT security falls under his responsibility. So far, no one seems to have asked him how he views the issue.

But just as with Sweden's municipalities and county councils, SKL, it seems that it is the benefits of digitalization that are being worked on, not so much with its dangers, risks or disadvantages. SKL has indeed recently presented a memorandum, "Information security and outsourcing of IT operations due to information leakage at the Swedish Transport Agency".

Now it is important for municipalities, county councils and regions to absorb this information. The question should be asked to them – do you take IT security issues seriously? Are IT security issues high enough on the political agenda? Investigative journalism and alert municipal and regional politicians can work wonders.

Read the article also here.

Uncategorized