Local governments hold millions of gigabytes of this type of data – including financial and legal information, sensitive planning details, confidential medical data, data relating to children at risk and even vulnerable women – including locations of domestic violence refuges.
And poor cyber security has led to numerous high-profile attacks against councils in the past few years. In the August bank holiday of 2017, Copeland Borough Council was hit by a zero-day ransomware cyber-attack. Within three days, most of Copeland’s files had been encrypted. Hackers demanded Bitcoin in return for the files to be returned.
The London Borough of Hackney was subject to a ransomware attack in 2020 in which personal staff data was released, land registry information was scrabbled, and local authority payments had to be halted. Sensitive personal data also led to a year long police operation to try and mitigate the risks to individuals caused by the loss and publication of this data.
Redcar and Cleveland local authorities were also attacked in early 2020 and it is estimated to have cost in the region of £10 million due to the loss of services and a need for system upgrading across many sites.
As more services go online and information becomes digitized the challenges faced by local governments and the solutions to the areas of attack become more complicated. One thing is simple however, strong passwords reduce the chance your organisation will be compromised.
This will need to be led from the CEO and senior management team and will need to be done in conjunction with any in house or outsourced IT support. But the following tips hold true.
The below graphic represents the time to brute force a password using current technological capabilities. Pretty scary when you think of what your passwords are right now?
So, passwords should really be in the top two tiers to be effectively secure.
An ongoing issue is that the more complex the password the more difficult it is to remember - and with the general lack of uptake around password managers the NCSC guidance continues to encourage staff to use three random words as a password instead.
To find out more general stuff about passwords why not watch our short videos?
You can contact the Cyber Resilience Centre for guidance and support through our e-mail enquiries@ecrcentre.co.uk or use our online booking system to make an appointment with one of our team.
We also provide free guidance on our website, and we would always encourage you to sign up for our free core membership. Core members receive regular updates which include the latest guidance, news, and security updates. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England.
Finally, you may have access to IT support within your business and we recommend that you speak to them now to discuss how they can implement cyber resilience measures on your behalf.
Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online.
Forward suspicious emails to report@phishing.gov.uk.
Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).
By reporting phishing and cyber crime you could be helping protect other organisations. The NCSC’s Takedown Service, which removed more than 2.7 million scams from the internet last year alone.
Click to Open Code Editor