24 April 2024

LocalGov elections: Being vigilant ahead of the local elections

LocalGov elections: Being vigilant ahead of the local elections image
Image: Thapana_Studio / Shutterstock.com.

Ahead of the local elections next month, Owen Prendeville, Information Commissioner’s Office (ICO), offers tips for protecting against cyber attacks.

Local elections are right around the corner, with millions of people across the country due to go to the polls to vote in their councillors as well as metro mayors and police and crime commissioners.

This is a fundamental part of our democracy, and voters should be confident that they can exercise their democratic rights without their personal information being at risk. At the Information Commissioner’s Office (ICO), we want to remind local government to be extra vigilant with cyber security at this time and ensure there are appropriate security measures in place to safeguard personal information.

Our data shows that a growing number of cyber breaches are being reported by the local government sector, with over 150 cyber incidents reported in the last year.

Poor information security leaves systems at risk and may cause real harm. We want to help those in local government be as prepared as possible, so we have shared some practical steps that they can take to mitigate risk and ensure their systems and the personal information they hold are protected. These tips are particularly important around the election, but will also be important to know in normal times too.

Provide regular staff training

All staff must be fully trained on the correct processes and any training should be role-specific, tailored and relevant to the tasks being completed. Many cyber-attacks come from social engineering, which tricks the user and persuades staff to share passwords or accidentally download malware. Measures such as up to date staff training are essential to spot and report suspicious activity, such as phishing attempts.

Back up your data

You should back up your data regularly. If you’re using an external storage device, keep it somewhere other than your main workplace – encrypt it, and lock it away if possible. That way, if there’s a break-in, fire or flood, you’ll minimise the risk of losing all your data. Such recovery measures should be reviewed regularly to ensure they’re appropriate. Making sure your back-up isn’t connected to your live data source, means any malicious activity won't reach it.

Use strong passwords and multi-factor authentication

Make sure you use strong passwords on smartphones, laptops, tablets, email accounts and any other devices or accounts where personal information is stored. They must be difficult to guess. The National Cyber Security Centre (NCSC) recommends using three random words. This is especially important for accounts with administrative access.

Where possible, you should consider using multi-factor authentication. Multi-factor authentication is a security measure to make sure the right person is accessing the data. It requires at least two separate forms of identification before access is granted. For example, you use a password and a one-time code which is sent by text message.

Be wary of suspicious emails

You should be regularly monitoring for suspicious activity and investigating any unusual activity. Staff need to know how to handle suspicious emails and to report them promptly to relevant colleagues. Look out for demands for you to act urgently, requests for updated payment methods and unrequested password resets. New technologies mean that email attacks are becoming more sophisticated and may appear to come from a source you recognise. If you’re not sure, speak to the sender.

Install malware protection

And keep it up-to-date. You must make sure the devices you use at home, or when you’re working away, are secure. Malware protection software can help protect your device against attack, but only if it is regularly updated and monitored. Act on any alerts, even if there has been successful removal. This helps those keeping the network safe to detect potential attacks sooner.

Update software Ensure that any software updates are run promptly. This makes sure that any security issues or vulnerabilities are fixed and reduces the chance of an attack. NCSC advise critical updates are carried out within 14 days.

Make sure your Wi-Fi connection is secure

Using public Wi-Fi, or an insecure connection, could put personal data at risk. You should make sure you always use a secure connection when connecting to the internet. If you’re using a public network, consider using a secure Virtual Private Network (VPN).

Don’t keep data for longer than you need it

Getting rid of data you no longer need doesn’t just free up storage space, it’s a key principle of data protection. It means you have less personal information at risk if you suffer a cyber-attack or personal data breach.

Dispose of old IT equipment and records securely

You must make sure no personal data is left on computers, laptops, smartphones or any other digital devices, before you dispose of them. You could consider using deletion software or hire a specialist to wipe the data.

Report to the ICO

In the event of a cyber-attack, there is a regulatory requirement to report this to the ICO. We have also worked with NCSC to remind organisations not to pay a ransom in case of a cyber attack, as it does not reduce the risk to individuals and is not considered as a reasonable step to safeguard data.

For more advice, visit the ICO’s security guidance for organisations.

Addressing regional inequalities  image

Addressing regional inequalities

Andrew Borland, Chief Innovation Officer at the Virtual Engineering Centre (VEC), University of Liverpool discusses the importance of levelling up for growth.
For your free daily news bulletin
Highways jobs

Senior Social Worker

Wakefield Council
£40,221.00 - £43,421.00, Grade 10, 37 hours, Permanent
Community Mental Health Senior Social worker (level two) post at Baghill House Pontefract. Baghill House, Health & Wellbeing Centre, Walkergate, Pontefract, WF9 1QW
Recuriter: Wakefield Council

Senior Social Worker

Wakefield Council
£40,221.00 - £43,421.00, Grade 10, 37 hours, Permanent
An exciting opportunity has arisen for a full time (37 hour) senior social work position within Connecting Care East. Castleford Civic Centre, Ferrybridge Road, Castleford, WF10 4JH
Recuriter: Wakefield Council

Senior Care Assistant (Days)

Wakefield Council
£21,422.43 - £23,731.62, Grade 6, 30 hours, Permanent
Dovecote lodge is a short term placement unit which support the hospital with admissions, predominantly from the emergency department. Dovecote Lodge Dovecote Lane Horbury Wakefield West Yorkshire WF4 6DJ
Recuriter: Wakefield Council

Complex Needs Support Worker

Wakefield Council
£19,697.84 - £21,064.05, Grade 5, 30 hours, Temporary
Dovecote Lodge currently has a vacancy for a 30 hour complex support worker, the rota includes days, afternoons and nights over a 10 week period. Dovecote Lodge Dovecote Lane Horbury Wakefield West Yorkshire WF4 6DJ
Recuriter: Wakefield Council

Multi Skilled Operatrive x4

Wakefield Council
£22,737.00 - £29,269.00, Career grade 3-6, 37 hours, Permanent
We are seeking enthusiastic and capable colleagues to join our Highway Operations team that forms part of the Highway Network Management. Wakefield, West Yorkshire
Recuriter: Wakefield Council
Linkedin Banner

Partner Content

Circular highways is a necessity not an aspiration – and it’s within our grasp

Shell is helping power the journey towards a circular paving industry with Shell Bitumen LT R, a new product for roads that uses plastics destined for landfill as part of the additives to make the bitumen.

Support from Effective Energy Group for Local Authorities to Deliver £430m Sustainable Warmth Funded Energy Efficiency Projects

Effective Energy Group is now offering its support to the 40 Local Authorities who have received a share of the £430m to deliver their projects on the ground by surveying properties and installing measures.

Pay.UK – the next step in Bacs’ evolution

Dougie Belmore explains how one of the main interfaces between you and Bacs is about to change.