Economy

SRC lacks back-up for State staff salary data

NancyGathungu2610m

Auditor General Nancy Gathungu. PHOTO | LUCY WANJIRU | NMG

edwinmutai_img

Summary

  • Sensitive data on civil servants held by the Salaries and Remuneration Commission (SRC) are at risk of loss due to lack of a back-up system, officials have said.
  • The SRC, which handles sensitive data such as remuneration and benefits of all public and State officers, has been allowing its senior officials to carry computer storage devices home.

Sensitive data on civil servants held by the Salaries and Remuneration Commission (SRC) are at risk of loss due to lack of a back-up system, officials have said.

The SRC, which handles sensitive data such as remuneration and benefits of all public and State officers, has been allowing its senior officials to carry computer storage devices home, exposing the information to losses as a result of hard drive failures, ransomware attacks, human error, or theft by criminals.

Such data losses are usually mitigated through backup systems that are in a secure and separate location from an original holding device, such as a cloud.

SRC chief executive officer Anne Gitau told a parliamentary committee yesterday that the directors of the commission had opted to carry home hard disk drives for safekeeping on a daily basis.

“We currently allow every director to go home with a hard disk of data they have in their office computers,” Ms Gitau told the Public Accounts Committee (PAC) of the National Assembly.

“We have bought large hard disks of Sh15,000 each which they carry home and back to the office every day. They carry them home in their bags every evening. That is the situation Mr chairman.”

Ms Gitau said the SRC has been unsuccessful in its push for a Sh100million funding by the Treasury to purchase an offsite data backup system.

“We have asked the Treasury for the budget but we have been unable to receive the funding,” she told the committee chaired by Ugunja MP Opiyo Wandayi.

Auditor-General Nancy Gathungu had raised concern about the SRC operating without a data backup and recovery system.

“Although management has commenced engagements with the Kenya Revenue Authority (KRA) with the objective of securing an offsite backup and data recovery site, no formal agreement has been signed as at June 30, 2020. Consequently, the commission is at risk of information loss in the event of a disaster at its premises,” Ms Gathungu said in an audit report.

The SRC’s revelation comes at a time cases of cybercrime are on the rise, with businesses losing billions of shillings and sensitive information to hackers.

Data by the Communications Authority of Kenya (CA), for example, show that cyber attacks on Kenyan organisations rose by nearly 50 percent in the last three months of 2020 compared to a similar period the previous year.