Cybersecurity for local councils: More than a tick-box exercise
Cyber threats are rising for local councils. As vital public bodies that provide essential services across the country, councils are experiencing growing numbers of breaches – in the first half of 2022, UK councils suffered 10,000 attempted cyberattacks every day.
As with organisations across all sectors, local councils have been increasingly digitalising in an effort to improve efficiency and the delivery of services. However, the benefits of digitalisation are coupled with an expansion of the attack surface available for exploitation by cybercriminals.
In this climate, local councils need ways to improve their cybersecurity and mitigate potential breaches – and going beyond minimum requirements is crucial.
IT Health Checks
If you’re a local council, you are legally required by the National Cyber Security Centre (NCSC) under the CHECK scheme to demonstrate the strength of your cybersecurity posture through a regular IT Health Check (ITHC). By reviewing and providing assurance of the security of key infrastructure systems and services, a full ITHC is a critical element of a cybersecurity strategy. However, there can be a tendency for this to be treated like a tick-box exercise.
Councils are operating on extremely tight budgets and often lack the in-house cybersecurity expertise and resources needed to go beyond the minimum requirements of the ITHC and fully implement security best practices. But the good news is that there are a number of easy steps local councils can take to help strengthen cyber strategies and bolster their protection against growing threats.
Working with Wiltshire Council
As a forward-thinking and innovative organisation, Wiltshire Council wanted to work closely with us to ensure its latest ITHC went beyond the basic requirements set out by the NCSC. Having identified key areas to include during the scoping process, we conducted internal and external testing to assess Wiltshire Council’s IT environment and uncover potential gaps in its security.
Crucially, Wiltshire Council engaged fully in the ITHC process. And by choosing to work with a trusted security partner, the council ensured it was well-informed on what testing was conducted throughout the ITHC, fully understood what actions were being taken, and received a clear and detailed report to highlight any vulnerabilities found.
Going beyond the basics need not be costly or complex and, as a result of Wiltshire Council’s bolstered ITHC, approval was received from the Cabinet Office with no issues or checks needed. Its IT department was in a strong position to remediate gaps identified and the council gained an in-depth understanding of its risk level and exposure, better equipping itself to face growing cyber threats.
Proactive cybersecurity protection
As well as bolstered ITHCs, there are many other proactive measures councils can implement to strengthen their cybersecurity even further.
- Cybersecurity awareness training and phishing simulations: Phishing attacks pose the biggest cyber threat to UK councils. Adopting a ‘security-first’ mindset across councils is crucial, with all staff educated about the dangers of phishing emails through regular training and simulations.
- Maintaining good cyber hygiene: Core elements of cybersecurity best practice such as strong encryption, multi-factor authentication and privileged access management all serve to deepen councils’ cybersecurity defences. When implemented and properly maintained, these reduce the likelihood of a bad actor gaining access to sensitive information if a successful cyberattack is launched.
- Vulnerability scans and penetration testing: ITHCs can only provide a snapshot of councils’ security posture at the time at which they are conducted. It’s therefore critical to continuously scan and test for potentially exploitable weaknesses year-round to ensure IT departments can remediate vulnerabilities and reduce the chances of a breach.
Read more about how Wiltshire Council went beyond the basics with their IT Health Check, and get in touch to learn more about DigitalXRAID’s IT Health Check service.