100 million local government cyber attacks but still no training?
There have been almost 100 million cyber attacks on UK local government over the last four years, with around 1 in 4 local authority systems being breached - some more than once. Of those breached, more than half (56%) had failed to report it.
These are the stark findings made by privacy group Big Brother Watch, after a series of Freedom of Information requests.
- Councils estimated that they had dealt with 98 million cyber attacks between 2013 and 2017 (malicious attempts to damage, disrupt or gain unauthorised access to computer systems or devices)
- The most common forms of attack were malware and email phishing, with ransomware attacks also a growing threat
- Gloucester City Council was fined £100k by the ICO after the Heartbleed software flaw exposed employees' special category data.
Yet, most local authorities (75%) don't provide compulsory cyber security training, and 16% have no training at all.
Tips to protect your company from the threat of cyber attacks:
- Appoint IT guardians or mentors - who can act as a conduit between various business functions and IT and who can offer informal advice.
- Train your team to look for common red flags - for example, a generic salutation (Dear Customer), poor quality logos, spelling mistakes, time pressure, fake domain names, mismatched sender details, etc.
- Establish clear protocols - for communicating and sharing information with new clients and suppliers. Insist on direct contact via named personnel or codewords for major changes in terms, payments, etc.
- Take extra care - especially if you are in a senior position or your name is in the public domain as you may be more vulnerable to impersonation. If you hold a senior position or are authorised to initiate payments, agree ground rules with your team - eg, to always make direct personal contact by phone, codewords, etc.
- Introduce dual authorisation - insist on PO numbers for all large payments to combat CEO fraud
- Be proactive - get advice on buying up similar domain names to reduce the chance of customers, suppliers or your team being duped.
Want to know more about GDPR?
As well as 30+ free compliance training aids, we regularly publish informative GDPR blogs. And, if you're looking for a training solution, why not visit our GDPR course library.
If you've any further questions or concerns about GDPR, just leave us a comment below this blog. We are happy to help!