Risks of home working in central government
Some of the civil servants in central government believe communication of the secure use of collaborative ICT tools such as messaging apps and online conference services should be clearer. The Netherlands Court of Audit came to this conclusion following an investigation of the use of ICT tools at ministries and High Councils of State during the corona crisis. Some civil servants use WhatsApp and private email to share confidential work-related information and thus do not observe their organisations’ security rules.
The corona crisis has accelerated home working in central government. Nearly all the approximately 175,000 civil servants at the ministries and High Councils of State have been working from home wherever possible since March 2020. This has demanded a great deal of flexibility from the ICT staff and support services. The Court of Audit believes the ministries, individual civil servants and service providers such as SSC-ICT deserve a compliment for the way in which they have responded to the corona crisis.
Clearer communication on the secure use of ICT tools
A questionnaire circulated by the Court of Audit to civil servants in central government and staff at the High Councils of State found that the communication of what ICT tools they could use should be clearer and more understandable. A fifth of the respondents said they were not aware of the agreements in place for the use of collaborative ICT tools. 22% were not satisfied with how the agreements had been communicated. The greatest uncertainty concerned the use of messaging Apps such as WhatsApp and online collaborative platforms such as MS Teams, SharePoint and Dropbox.
7% of the respondents used WhatsApp and 16% private email to share confidential information, even though this was not permitted. They did so because they did not know what apps they could or could not use. The central government’s web site, for instance, states that WhatsApp can be used for work under certain conditions. Several ministries, however, explicitly forbid the use of this messaging app.
Percentage of respondents who idicated they had used a communication channel for work in 2020
Ministers, state secretaries and senior civil servants set an example
Dissatisfaction about the functionalities of the available ICT tools is one of the main reasons given to bypass the rules and use apps that are not recommended. Ministers, state secretaries and senior civil servants do not always use the prescribed and available secure ICT tools, even though their use of ICT tools sets an example for the rest of the organisation. Ministers, state secretaries and senior civil servants sometimes prefer popular messaging apps such as WhatsApp, less secure tablets and smartphones because they are more convenient, faster and more user friendly than highly secure tools.
The investigation revealed an example of this. At the request of the Central Government Chief Information Officer, in spring 2020 one of the ministries set up an extra secure environment for video conferencing calls and offered it to ministers and state secretaries to communicate confidential information. Its offer was never taken up.
The Court of Audit’s investigation shows that central government still has to take steps to improve the secure use of messaging apps and mobile phones. The use of apps and phones is seen as the greatest risk to information security and privacy. If the recommended ICT tools are used incorrectly or not at all, information can fall into unauthorised hands.