
Here is the government’s guide: basic cyber security best practices for public administration employees

Because every public employee can be the first line of defense against hackers

The government

Table of contents

  • Digital life is a minefield: smart behavior is essential
  • The weakest link… or the first defense
  • Common threats: what can take an entire administration offline?
  • The life-saving rules of public cyber security
  • Artificial intelligence remembers everything
  • Security is not just IT, it’s culture

Digital life is a minefield: smart behavior is essential

We live in a world where cyber threats are rising every day: phishing scams, ransomware, stolen credentials, and malicious uses of artificial intelligence. But the hard truth? Over 50% of cyberattacks on Public Administrations originate from human error. A single wrong click can compromise an entire system.


Wars are also fought in cyberspace

Today, cyberattacks are often linked to geopolitical conflicts: the Russian-Ukrainian war, tensions in the Middle East, and other crises become digital attacks that strike everywhere, including Italy.

Public bodies are prime targets: hospitals paralyzed, medical data leaked on the dark web, universities and municipalities taken offline by malware. Every attack comes with both economic and reputational damage.

The weakest link… or the first defense

There’s a saying: the weakest point lies between the keyboard and the chair. But that same user can become the strongest protection. Governance, cyber security technology, and daily behavior are the three pillars of digital security. And it’s precisely everyday habits that make the difference between safety and disaster.

Common threats: what can take an entire administration offline?

A fake link in a phishing email can take down an entire institution. Stolen credentials, compromised emails, unauthorized software – all these are potential doorways for hackers. Their goals? Disrupt services, demand ransoms, and steal sensitive data.

The life-saving rules of public cyber security

Here are the 12 essential rules for working securely every day in the public sector:

  1. Enable multi-factor authentication (MFA)
  2. Use strong, unique passwords for work and personal use
  3. Lock your device whenever you leave it unattended
  4. Always install system updates without delay
  5. Only install authorized software
  6. Use only officially provided devices
  7. Never trust urgent emails or suspicious links
  8. Report any lost devices immediately
  9. Avoid connecting to unprotected public Wi-Fi
  10. Report any anomaly, even if it seems minor
  11. Use your work email only for institutional purposes
  12. Never paste sensitive data into AI chats

Artificial intelligence remembers everything

Tools like chatbots and generative AI are not designed for data confidentiality. When you paste a document into a chat, that content can enter the AI’s training set. It may resurface later—out of context and potentially in the wrong hands.

Security is not just IT, it’s culture

Protecting the Public Administration’s data means reinforcing public trust, avoiding fines, and ensuring service continuity. That’s why administrations must act now: they need clear rules, ongoing training, and internal vigilance.
