Interface control or device control to external storage media such as USB sticks
"Local authorities hit by 800 cyber attacks every hour"
source: computerweekly.com, 3rd Oct 2019
This data is particularly valuable for attackers since it can be used to capture complete identities.
The digitalisation of public institutions and authorities is in full swing:
Public administration has become increasingly networked in recent years. If one system is broken into, it can also be "poached" in systems of other administrations and malware can spread extensively and fast.
Local authorities and councils in the UK have reported being hit by more than 263 million cyber attacks in the first six months of this year [..]
Source: computerweekly.com/news/252471771/Local-authorities-hit-by-800-cyber-attacks-every-hour
The electronic offer to citizens or communication with authorities via online portals has been significantly expanded in recent years. In some cases, only the electronic way of submitting data is still offered.
In many areas, however, the modernisation of computer and operating system equipment has not yet been completed. Until then, there are still weak points which, if patches are not applied, become a gateway for hackers. Authorities are obliged to comply with the legal provisions of the data protection regulations (e.g. GDPR in the European Union, APP - Australian Privacy Principles) and individual country-specific standards for cyber security, e.g. the Essential Eight Maturity Model in Australia. In addition, in various countries, eGovernment laws are in place which regulates the duties of the authorities and requires protection concepts and mechanisms for their digital systems.
Interface control or device control to external storage media such as USB sticks
Ensuring the integrity and encryption of personal data
Prevention and response to attacks
Secure authentication and authorisation procedures, e.g. two-factor authentication and integration of existing user directories (Active Directory)
Monitoring and logging of all accesses and changes in the system
Sensitisation of employees and avoidance of human misconduct
Data medium control and data flow control (only authorised use of external media such as USB sticks). Forced encryption of the data written to the external data carrier is also possible.
DriveLock also supports full auditing of external media usage and logging of data flow, including shadow copies.
Transparent and fast hard disk encryption,
Reliable directory and file encryption,
Encryption of removable media such as USB sticks, CD/DVD or mobile hard disks,
BitLocker Management
Application control with intelligent whitelisting, i.e. a positive list of permissible software applications that can be dynamically expanded.
Detection and forecasting of security incidents, incident response and remediation, endpoint monitoring
Provision of a smartcard middleware for cost-effective use of smartcards (also for new versions). Thus, access/access control and multi-factor authentication can be realised cost-effectively.
Monitoring: Logging and detection of security-relevant events,
Transparency: Extensive reporting and analysis of the security level of the system environment
IT security training and sensitisation of civil servants and employees in the civil service/creation of security awareness to protect against fake emails or phishing attacks.
With its security solution, DriveLock is actively involved in the market for more than 15 years. The company with headquarters in Munich, Germany, has become one of the leading IT specialists for IT and data security.
©2021 DriveLock SE | All rights reserved