Everyone is living in an increasingly digital world. For councils, schools and other organisations, this means:
- People accessing more services online
- Employees working more flexibly
- Employees connecting to systems from different locations
- More data sharing with partners
All this is happening alongside increasing numbers and sophistication of cyber attacks. In 2019, councils experienced 500 million attacks; that’s 800 every hour!
The Local Government Association is in the middle of a three year programme to improve the overall cyber security of councils. This is funded by the Cabinet Office National Cyber Security Programme.
Councils already have a range of cyber security arrangements in place but with increased threats, the whole public sector needs to ensure it is maintaining and improving its defences.
In 2018/19, all 353 English councils completed a ‘stocktake’ to help identify areas that needed further work. This exercise also helped to raise the profile of cyber security. The stocktake found that technological security is the strongest area, but awareness was the weakest. Leadership and governance was also identified as an area for improvement.
Technological measures can only do so much. Without good training and awareness, these measures risk being undermined by people who may not understand the impact of their actions.
It is key that employees know what they can do to help their organisation remain secure. Most councils had done some basic cyber awareness training but a significant minority had not.
Improving this area need not be expensive or complex. But does require commitment of leadership to support training and awareness, through different methods and on an ongoing basis.
Further guidance, resources and information: