With the help of digital agencies like us here at focus / focusgov who are coming up with effective and engaging ways local authorities can communicate with families, parents and young people, we are seeing more and more local authorities with services based online. This of course is great news, however, with this comes the potential threat of cyber attacks - some more sophisticated than others.
Local authorities are key providers of public services so they can hold a vast amount of personal data containing sensitive information such as health and care arrangements. This alone makes them a very tempting target indeed for hackers.
There are other potential problems such as phishing. Phishing is the fraudulent practice of sending emails purporting to be from a reputable company. Reasons for this could be anything from persuading individuals to reveal personal information, such as passwords and credit card numbers online or to encourage the recipient to open an attachment containing a malicious programme.
This is exactly how Lincolnshire City Council were stung earlier this year. There was widespread disruption and it took almost a week for IT systems to be restored. Lincolnshire’s response to the attack was commendable and led to no loss of data. Staff dealt with issues off-line and kept their services running without impeding the public.
The Cabinet Office’s ’10 Steps guidance on dealing with cyber threats’ put it concisely by saying ‘Put cyber security on the agenda before it becomes the agenda’.
One very manageable way to achieve this is to see cyber as a strategic issue rather than an IT one. Make sure the local authority workforce are aware of the risks and how they can combat them. Perhaps new employee inductions could include details of how to recognise a cyber attack and avoiding opening harmful malware programmes.
Of course various security procedures such as firewalls play an important role but user cautiousness is imperative. As October is cyber awareness month, what better time than now to share with you some tips?
1. Be heedful of email scams
Do you know the sender? Does it seem too good to be true? Does it contain links and attachments? Is it an urgent request?
2. Protect your computer
Always have the latest anti-virus software installed on your computer to keep it up to date and protected from online threats like malware and viruses.
3. Check links
Hover over links in emails and you will see the URL of the actual website you are being directed to. You should see it across the link and bottom left of your screen. If this is different to the link originally shown, don’t click it.
4. Vary your passwords
It’s a pain but the best thing you can do is have a different password for all of your accounts. You should most certainly separate your work from your personal accounts, making sure critical accounts have super strong passwords. You could try lyrics form your favourite song separated by numbers, include a mixture of upper and lower case.
5. Never choose to ‘Save Password’
Browsers such as Internet Explorer and Google Chrome are always looking to increase ease of use, this includes offering to save your password, but you should never allow it to. When websites ask if you want to remain logged in, choose no and always log out properly, just closing your browser does not do this.
Created on Thursday October 13 2016 11:37 AM
Bristol: 0117 949 8008