Government departments urged to clamp down on IT misuse

Whitehall departments have been urged to tighten their approach to internal security to ensure civil servants are only accessing...

Whitehall departments have been urged to tighten their approach to internal security to ensure civil servants are only accessing files that they are allowed to.


The calls came after it emerged that hundreds of civil servants were disciplined last year for accessing confidential computer files they had no right to read.


The Inland Revenue was among the worst offenders with 322 staff disciplined last year for breaking rules on internet, computer and e-mail use. Of these 146 were found guilty of "unauthorised access" and four of unauthorised disclosure. In comparison, the Ministry of Defence reported only two cases last year.


In the seven years to 2003, the Revenue investigated 1,369 cases of suspected computer misuse, more than 1,100 of which resulted in disciplinary action.


Steve Webb, the Liberal Democrat Work and Pensions spokesman, told Computer Weekly, “My concerns are twofold – there is the snooping aspect and the threat of viruses. Technical solutions such as filtering could be the solution but we might have to go down the route of having spot checks on PCs.”


Mike Davis, senior research analyst at Butler Group, said the number of disciplinary cases indicate that management of staff needs to be improved.


“All of us, if we had access to systems that contained our records or those of our friends, would be tempted,” he said. “Training and awareness of staff needs to be increased so it is very clear what is not allowed. You could maybe even have guidelines on the desktop screen.”


Although it is largely a management and process issue, technology can help to authenticate users, Davis said.


“It is a technology issue when you are asking whether people have the right to access this information,” he said. “It is not difficult to do with basic security models, but a lot of departments use old systems which means there is a risk of exposure.”


The risk to confidential information at the Inland Revenue was highlighted by Computer Weekly last year, when it revealed that the Revenue had warned staff, who were waiting for their own tax credits to be paid, not to check their records on the department’s IT systems.


The warning came a month after a report from the Public Accounts Committee revealed that two Inland Revenue staff who were dismissed for computer misuse in 1994 and 1996 were sentenced to a year in prison.


In an attempt to overcome these problems and improve internal performance, the department is planning to spend £31m on a new management information system by 2007.

Read more on Data centre hardware