There were 100 million cyber attacks on UK local government over a four-year period, with 1 in 4 local authority systems breached, some more than once, and 56% failed to even report it.
These are the stark findings made by privacy group Big Brother Watch, after a series of Freedom of Information requests.
- Councils estimated that they had dealt with 98 million cyber attacks between 2013 and 2017 (malicious attempts to damage, disrupt or gain unauthorised access to computer systems or devices)
- The most common forms of attack were malware and email phishing, with ransomware attacks also a growing threat
- Gloucester City Council was fined £100k by the ICO after the Heartbleed software flaw exposed employees' special category data.
Yet, most local authorities (75%) don't provide compulsory cyber security training, and 16% have no training at all.
Tips to protect your company from the threat of cyber attacks:
- Appoint IT guardians or mentors - who can act as a conduit between various business functions and IT and who can offer informal advice.
- Train your team to look for common red flags - for example, a generic salutation (Dear Customer), poor quality logos, spelling mistakes, time pressure, fake domain names, mismatched sender details, etc.
- Establish clear protocols - for communicating and sharing information with new clients and suppliers. Insist on direct contact via named personnel or codewords for major changes in terms, payments, etc.
- Take extra care - especially if you are in a senior position or your name is in the public domain, as you may be more vulnerable to impersonation. If you hold a senior position or are authorised to initiate payments, agree ground rules with your team - e.g., to always make direct personal contact by phone, codewords, etc.
- Introduce dual authorisation - insist on PO numbers for all large payments to combat CEO fraud.
- Be proactive - get advice on buying up similar domain names to reduce the chance of customers, suppliers or your team being duped.