State government has a long way to go to make its data secure from hackers, but it doesn’t have the luxury of taking its time.
Some legislators are suggesting the best fix in the long run would be a uniform security system. That’s a good idea, but the process could be complicated.
So in the meantime, each cabinet agency should be making the quick, easy fixes that experts have said will offer additional protection.
Sadly, all aren’t.
A survey conducted by The Greenville News found that while some agencies are using what information technology experts consider basic to security — encryption and a multi-password system — as security measures, others are still considering what to do. And a few declined to respond to the survey.
Of course, the Department of Revenue has already initiated a full encryption and multi-password system. After all, it was the DOR’s failure to do so that allowed a dramatic breach of the system. The breach compromised information on millions of S.C. citizens and revealed just how inadequate security is throughout state government, despite the availability of inexpensive and simple protections.
All departments and agencies should be doing something similar, not just mulling things over, and not waiting for the big fix that the Legislature will likely want.
Sen. Kevin Bryant, R-Anderson, who heads the Senate committee to investigate cyber security, said some fixes are “no-brainers.” He compared such measures to an agency locking its doors at night — something any steward of public property would do routinely.
For example, access to data should be given selectively to employees. Sen. Bryant told journalists last week in Columbia that 250 DOR employees had full access to citizens’ personal data.
He told the News that he is “alarmed” by what has not been done already. The governor has ordered cabinet agencies to monitor networks as a start, and it has hired an IT security consultant to assess the state’s systems.
Rep. Bruce Bannister, R- Greenville, who is heading a House investigative committee, said employees need to be educated about the rudiments of dealing with classified data. For example, don’t visit a website without assurance that it is legitimate.
The News survey reported that the Department of Probation, Pardons and Parole was the only agency to respond that it had all basic security measures in place.
The State Law Enforcement Division and the Department of Motor Vehicles declined to respond, citing security concerns.
It makes good sense to hear from experts before beginning to implement a system that will make the state’s data secure.
But every day that data aren’t made more secure is a day hackers could take advantage of.
Experts say there are some easy, quick fixes that can help. State agencies should take available steps immediately to shore up their processes until a big fix can be accomplished.