Almost every council uses technology in their day-to-day operations — whether simply accessing emails or performing more complex tasks such as handling personal data.
Unfortunately however, whatever the reason a council uses technology, doing so comes with risk. Councils large and small are vulnerable to cyber-attacks — with revenue and reputation at stake.
That’s why this National Computer Security Day (Wednesday, 30th November) we’ve compiled 5 top tips to ensure senior council figures can help keep their staff safe from cyber-attacks.
1. Close your doors to malware
You wouldn’t leave your house doors open to potential criminals, so don’t leave your computer’s virtual doors open to cyber-criminals and malware.
Malware, malicious software designed to infiltrate or damage a PC or network without your knowledge or consent, can be shielded against in the following ways:
- Apply your firewall – A good internet router will have an on-board firewall, so don’t forget to turn it on. Bear in mind however, whilst this does provide a good first line of defence, it is not enough to protect against all attacks.
- Protect your PC – You can protect your PC with security software. The best security software will encompass identity theft, risky websites and hacker attacks within a single solution.
- Safeguard your email – Your email system can be safeguarded with a spam filter. A good spam filter will block and flag dangerous emails before they can be mistakenly opened.
2. Implement certain cyber standards for your staff
We recommend all councils have adequate cyber standards for staff to follow, which may include the following:
- Educate staff – First, educate staff about what data is sensitive and how it should be managed. This should include internal and external communications, such as emails.
- Share turn-ons and turn-offs – Which applications can be loaded on company computers, and which are prohibited?
- Require strong passwords – Refer to tip four on passwords.
- Enforce consequences – What happens if the policy is not followed? Be prepared to back up your words.
- Use it, don’t abuse it – What is the proper usage of a company-issued computer? This includes use of the Internet.
- Encrypt – Decide if an email encryption solution to protect your sensitive information is required and when.
- Appoint a “Go To” – Who is the person who employees can ask if they have questions about the policy or computer security in general?
3. Tackle your social media
We also recommend educating your staff with best practices and guidelines when it comes to using social media safely. Consider the following ways to minimise risk:
- Look who’s talking – Decide who can speak on behalf of the council and only allow those employees to write about the internal and external events.
- Define what’s confidential – Social media blogging and posting, for example, should include council guidelines about what information is OK to share and who can post.
- When being social, be smart – Only connect to trusted people in your social network; and when considering what content is OK for staff to share, don’t just think about if it’s confidential, consider what impact it will have too (e.g to your reputation).
4. Protect yourself with strong passwords
Passwords are the key to most council networks, so it’s important they’re up to the job of keeping you safe. The more characters you add, the stronger your password will be. Here’s what to think about:
- Start out strong – Require strong passwords on company systems with a random mix of at least eight characters made up of letters, numbers, and symbols.
- Remember to change – Time out old passwords and require password changes frequently.
- Keep them safe – Store passwords in a safe place and educate employees about poor practice.
5. Consider the risk of personal devices used for work
Many employees bring their own devices to work – but what about the security risks? Here’s what to keep in mind:
- Develop company rules – A set of rules for the use of personal devices is the first step to keeping your council safe. Draft a comprehensive policy that covers matters such as pertinent data deletion, location tracking, and internet monitoring issues.
- Assess the benefits – Councils may decide to permit the use of personal devices for work due to the potential for increased productivity (people work faster using devices with which they are familiar). However, be sure to assess the benefits, as this increased productivity may come at increased risk and cost — as personal devices can be harder to safeguard and monitor.
Any views or opinions expressed in this briefing are for guidance only and are not intended as a substitute for appropriate professional guidance. We have taken all reasonable steps to ensure the information contained herein is accurate at the time of writing. In relation to any particular insurance related issues, readers are advised to seek specific advice.
Specialist Insurance for Local Councils
We are passionate about delivering tailored insurance solutions for Local Councils.