Mark Scott 18 May 2021

Cyber security in a post-pandemic world

Cyber security in a post-pandemic world image

2020 caused major disruption to both our physical and digital worlds. With many local authority employees forced into dispersed and virtual settings, we’ve seen the swift adoption of remote systems and networks to enable collaborative working and more agile processes.

However, this rapid transition has also exposed a range of security vulnerabilities from securing remote access to targeted phishing campaigns, giving cyber criminals the opportunity to exploit the uncertainty brought about by the pandemic and cause chaos.

Cloud governance considerations

Given the challenges that local authorities face, from budget constraints to digital capabilities and compliance, now is a good time to take a step back and check that those newly implemented solutions have been bedded in correctly and are right for the long-term.

This is where data governance considerations come into play. It’s important that sensitive data is stored and managed in line with regulatory requirements - not only to maintain compliance but also to mitigate security concerns. Local authorities need to maintain strict control over sensitive data and retain the ability to delete or destroy that data when required. A lack of effective data governance is a worry, mainly because poorly structured data makes it much more difficult to detect and monitor when something goes wrong. Any misuse of data, especially in the public sector, can have far-reaching consequences and could lead to a loss of citizen trust.

Building a secure cyber strategy

People, processes, and technology form the basis of an organisation’s security strategy. A lack of attention to any of these three factors will inevitably lead to gaps. Balancing each component is the best way to identify risks and match them with the right tools, cultural norms and workflows to effectively manage risk.

People – Employees can create some of the most significant risks to cyber security. However, when they are well informed, they can also be an advantage and the first line of defence. Educating employees is incredibly important, and they need to have basic knowledge about information security and potential threats. Having the right mindset around cyber security is vital. Getting them interested in security, encouraging the swift reporting of incidents and keeping them motivated to keep their equipment and devices safe will all help to create a robust cyber security culture.

Process – Processes are key to the implementation of an effective cyber security strategy. Well thought out security policies, security awareness programmes, and access control procedures are essential. Not only do they help prevent and detect threats, but they are also crucial in defining how the existing activities can be used to mitigate risk. These processes must be continually audited and as mentioned previously, frameworks such as ISO 27001 provide an opportunity to create specific processes. Proper preparation significantly reduces the risks of cyber incidents, and it’s important that all processes and procedures are documented as part of the framework and for auditing purposes.

Technology – Technology is fundamental when it comes to cyber security. There are a whole host of technologies that the public sector can implement to layer their defences. By identifying the most common risks the organisation faces, it becomes easier to identify the controls that need to be put in place, and the technologies to support them. Technology can be deployed to prevent or reduce the impact of cyber risks, depending on your risk assessment and what you deem an acceptable level of risk.

Securing data for the long term

As local authorities become increasingly reliant on mobile devices and cloud-based technologies to run their teams and vital services, networks, services and devices become prime targets for cyber criminals.

This means that different types of data will need to be secured in different ways. Data classification can play a part in helping to secure collaboration platforms and solutions, for example, stopping employees sharing sensitive information such as child protection records with users who are not authorised to view them. Getting data classification right from the start and driving policies from the centre makes it much easier to keep data safe and secure. Ultimately, employees need to be protected by policies that stop them from inadvertently exposing confidential data.

However, this is very different from the type of security implemented around a business application database. When it comes to protecting applications and databases, security needs to be a core part of the design. The crux of this is good product architecture and understanding that cyber security processes need to be layered in. This approach minimises the risk of exposing information residing in the cloud and should centre around the zero-trust security model. The model is based on the principle of maintaining strict access controls and not trusting anyone by default, even those already inside the network.

The good news is that with a layered security strategy, the correct tools, and the appropriate cloud partners in place, many of the most significant cyber security challenges are surmountable.

Mark Scott is CEO at Cantium Business Solutions

For your free daily news bulletin
Highways jobs

Standard Care Broker

Royal Borough of Greenwich
£28,470 - £29,502
You will be working as part of a Brokerage Team. You should have a good understanding of Personalisation/The Care Act and Direct Payments. Greenwich, London (Greater)
Recuriter: Royal Borough of Greenwich

Mental Health Commissioning Manager

Royal Borough of Greenwich
£46,638 - £49,674
It is an exciting time to join Greenwich as part of an Integrated Commissioning Unit for Adults. Greenwich, London (Greater)
Recuriter: Royal Borough of Greenwich

Director (Operations)

Cambridgeshire County Council
£79,467 - £102,014
Reporting directly to the Chief Executive and working closely with elected Members. Cambridgeshire
Recuriter: Cambridgeshire County Council

Administrator/Receptionist - Childrens Centres

Stoke-on-Trent City Council
£20,444 - £22,571
An exciting opportunity has arisen within the Supporting Families Service to work front of house Stoke-on-Trent, Staffordshire
Recuriter: Stoke-on-Trent City Council

Highways Road Worker

Sandwell Metropolitan Borough Council
£21,269- £24,920
An exciting opportunity for a Highways Road Worker has arose based at Taylors Lane, Oldbury. Sandwell, West Midlands
Recuriter: Sandwell Metropolitan Borough Council

Partner Content

Circular highways is a necessity not an aspiration – and it’s within our grasp

Shell is helping power the journey towards a circular paving industry with Shell Bitumen LT R, a new product for roads that uses plastics destined for landfill as part of the additives to make the bitumen.

Support from Effective Energy Group for Local Authorities to Deliver £430m Sustainable Warmth Funded Energy Efficiency Projects

Effective Energy Group is now offering its support to the 40 Local Authorities who have received a share of the £430m to deliver their projects on the ground by surveying properties and installing measures.

Pay.UK – the next step in Bacs’ evolution

Dougie Belmore explains how one of the main interfaces between you and Bacs is about to change.