24 April 2024

LocalGov elections: Being vigilant ahead of the local elections

LocalGov elections: Being vigilant ahead of the local elections image
Image: Thapana_Studio / Shutterstock.com.

Ahead of the local elections next month, Owen Prendeville, Information Commissioner’s Office (ICO), offers tips for protecting against cyber attacks.

Local elections are right around the corner, with millions of people across the country due to go to the polls to vote in their councillors as well as metro mayors and police and crime commissioners.

This is a fundamental part of our democracy, and voters should be confident that they can exercise their democratic rights without their personal information being at risk. At the Information Commissioner’s Office (ICO), we want to remind local government to be extra vigilant with cyber security at this time and ensure there are appropriate security measures in place to safeguard personal information.

Our data shows that a growing number of cyber breaches are being reported by the local government sector, with over 150 cyber incidents reported in the last year.

Poor information security leaves systems at risk and may cause real harm. We want to help those in local government be as prepared as possible, so we have shared some practical steps that they can take to mitigate risk and ensure their systems and the personal information they hold are protected. These tips are particularly important around the election, but will also be important to know in normal times too.

Provide regular staff training

All staff must be fully trained on the correct processes and any training should be role-specific, tailored and relevant to the tasks being completed. Many cyber-attacks come from social engineering, which tricks the user and persuades staff to share passwords or accidentally download malware. Measures such as up to date staff training are essential to spot and report suspicious activity, such as phishing attempts.

Back up your data

You should back up your data regularly. If you’re using an external storage device, keep it somewhere other than your main workplace – encrypt it, and lock it away if possible. That way, if there’s a break-in, fire or flood, you’ll minimise the risk of losing all your data. Such recovery measures should be reviewed regularly to ensure they’re appropriate. Making sure your back-up isn’t connected to your live data source, means any malicious activity won't reach it.

Use strong passwords and multi-factor authentication

Make sure you use strong passwords on smartphones, laptops, tablets, email accounts and any other devices or accounts where personal information is stored. They must be difficult to guess. The National Cyber Security Centre (NCSC) recommends using three random words. This is especially important for accounts with administrative access.

Where possible, you should consider using multi-factor authentication. Multi-factor authentication is a security measure to make sure the right person is accessing the data. It requires at least two separate forms of identification before access is granted. For example, you use a password and a one-time code which is sent by text message.

Be wary of suspicious emails

You should be regularly monitoring for suspicious activity and investigating any unusual activity. Staff need to know how to handle suspicious emails and to report them promptly to relevant colleagues. Look out for demands for you to act urgently, requests for updated payment methods and unrequested password resets. New technologies mean that email attacks are becoming more sophisticated and may appear to come from a source you recognise. If you’re not sure, speak to the sender.

Install malware protection

And keep it up-to-date. You must make sure the devices you use at home, or when you’re working away, are secure. Malware protection software can help protect your device against attack, but only if it is regularly updated and monitored. Act on any alerts, even if there has been successful removal. This helps those keeping the network safe to detect potential attacks sooner.

Update software Ensure that any software updates are run promptly. This makes sure that any security issues or vulnerabilities are fixed and reduces the chance of an attack. NCSC advise critical updates are carried out within 14 days.

Make sure your Wi-Fi connection is secure

Using public Wi-Fi, or an insecure connection, could put personal data at risk. You should make sure you always use a secure connection when connecting to the internet. If you’re using a public network, consider using a secure Virtual Private Network (VPN).

Don’t keep data for longer than you need it

Getting rid of data you no longer need doesn’t just free up storage space, it’s a key principle of data protection. It means you have less personal information at risk if you suffer a cyber-attack or personal data breach.

Dispose of old IT equipment and records securely

You must make sure no personal data is left on computers, laptops, smartphones or any other digital devices, before you dispose of them. You could consider using deletion software or hire a specialist to wipe the data.

Report to the ICO

In the event of a cyber-attack, there is a regulatory requirement to report this to the ICO. We have also worked with NCSC to remind organisations not to pay a ransom in case of a cyber attack, as it does not reduce the risk to individuals and is not considered as a reasonable step to safeguard data.

For more advice, visit the ICO’s security guidance for organisations.

Making payment processes smarter  image

Making payment processes smarter

It can be challenging to find the right software to streamline payment processes. Lewis McKenna-Crisp argues SmarterPay has the ideal solution for councils.
SIGN UP
For your free daily news bulletin
Highways jobs

Director of Public Health

Royal Borough of Greenwich
Up to £131,210
The Public Health department is at the heart of the council’s business. Greenwich, London (Greater)
Recuriter: Royal Borough of Greenwich

Head of Regeneration and Growth

Plymouth City Council
£68,387 - £74,411 (MFS and relocation available, pay award pending)
This is a unique opportunity to lead our award-winning development team and directly deliver hundreds of millions of pounds of projects. Plymouth, Devon
Recuriter: Plymouth City Council

Director of Adult Social Care

Wiltshire Council
£119,390 - £127,137
Join us as the Director of Adult Social Care and make a real difference to people’s lives. Wiltshire
Recuriter: Wiltshire Council

Assistant Director Planning, Performance & Engagement

East Sussex County Council
up to £97,700
With strong local communities, unspoilt countryside and vibrant coastal towns, East Sussex offers an exceptional quality of life to many. East Sussex
Recuriter: East Sussex County Council

Director of Finance & Commerce

Lancashire County Council
Up to £114,339
You will play a critical role in driving the organisation through complex change and innovation. Lancashire
Recuriter: Lancashire County Council
Linkedin Banner