HMG logo Department of Health and Social Care

SECURITY: Understanding that there are different ways of keeping information appropriately secure

By the end of this module you should be able to:

  1. Use security tools when browsing
  2. Determine if a website is secure
  3. Avoid malicious websites and pop-up windows
  4. Create a safe password
  5. Identify and avoid suspicious emails, including links, attachments and scam requests for information

 

Keeping government information secure is a requirement of our job..

Historically, we’d have installed all the software we needed to use at work onto our DH computers, and it would have been thoroughly tested. Nowadays, with fast internet connections and cloud computing, we can access lots of this software for free online – but it doesn’t go through that testing process, and isn’t necessarily secure.
The answer isn’t total lock-down. We can be open to web-based applications like Trello, Doodle polls, Eventbrite and Google Drive – we just need to make sure we’re using common sense to manage different kinds of information securely.

 

You should:


Safe passwords

There is plenty of advice online regarding how to set secure passwords.


Secure websites

Secure websites can be identified by a little ‘s’ for ‘secure’ following the http: part of the address

If you enter data into http://www.theguardian.com/ , it won’t necessarily be encrypted on its journey from the website to the server. However, data stored by  https://www.facebook.com/, will be encrypted en-route, so the traffic cannot be intercepted.

An easy way to check the authenticity of a website that is requesting personal or confidential data is to look for the https://

Websites sometimes offer “two-step verification” to increase security. For example, you can make a small change your facebook settings, and when you log on from a new location, it will check that you are who you say you are by asking you personalised questions, or sending a message to your phone.

If you are storing data on Google Drive, or in your gmail, you can beef up your Google security for free

 

Pop-ups

Pop-ups are annoying. Sometimes malicious windows pop-up unrequested. They are automatically blocked on work browsers, but if you search “pop up blocker” followed by the name of your browser, google will tell you how to do it on your home computer.

 

Virus scanning

DH networks are built to be secure – so you don’t need to worry about virus scanning or firewalls at work (though you definitely should install them on home computers).

 

Spam email

Most modern email providers will automatically filter spam messages into junk mail. The key message here is not to open messages that come from senders you don’t recognise, and not to click on links or attachments in those emails. Often phishers will try to copy the style of emails from reputable organisations – if you receive this sort of message, let the organisation know (you can tweet them, or find their contact details on their legitimate website). You can read more advice  on preventing phishing and the get safe online site is another good place to learn.

 

Example

Alex is co-ordinating her team’s preparation of a consultation document for publication in a few months.

She needs to:

  • edit the document based on colleagues’ suggestions
  • ensure only one draft is in circulation at any one time
  • make sure that people have enough time to contribute to the document

Some of the people she will be working with are external and do not have access to the DH computer system.

Alex thinks this might be a perfect opportunity to introduce Google Drive to her team.

She decides to consult her team’s Deputy Director first, as she’s aware that this is a sensitive policy document and it may not be appropriate for Google software. Her Deputy Director agrees: the subject matter of the document is controversial and she doesn’t want Alex to store it on the internet.

Alex agrees, but there are still some ways she could use Google Drive to make her job easier.

She can:

  • upload and share a list of publication and clearance deadlines so that everyone (within and outside the organisation) has easy access to them.
  • create a spreadsheet to record annual leave and reminds everyone involved in the consultation to regularly update it, so that she knows when key people are going to be in the office.
  • create a work log – a table that shows who has seen each version of the document, and whether they have cleared it.

It’s not just easier for her: it also makes everybody else in the team accountable to each other.

Online security is about balance. Alex has balanced the risks of sharing different types of information with the opportunities that online tools provide for working more openly and conveniently.

The result isn’t perfect – she still has to email everybody with the latest attachments, which is labour-intensive – but it’s the right level of security for the work she’s doing.

 

Further information 

The DH intranet has a useful guide to using IT in the department, with some tips on online security. (Note: this is currently being reviewed and updated by information services and digital teams to reflect current guidelines around open source tools.) 

You can also brush up on government security classifications.

If you have a question about a specific online security issue, visit this government partner website which has comprehensive advice on everything from working at home to spam emails and identity theft.

 

Back to top