Crime Reduction

08.05.18

Equipping the cyber security gatekeepers

Source: PSE April/May 2018

With the General Data Protection Regulation (GDPR) just around the corner, cyber security is on the lips of the whole public sector – but PSE’s Josh Mines argues that training is falling short for England’s local government workforce.

Digital data is a powerful tool for local government. Not only is it an easier, more efficient alternative to endless piles of paper-based documents, but it also has the capability of making council activity more transparent for service users, giving them more rights to see what information is held about them, or even choose to be forgotten.

But these upsides also bring with them some serious challenges for the public sector. Keeping all this data safe and well-organised is more important than it ever was due to the new GDPR coming into force from May this year.

So what’s the state of cyber security in the public sector in 2018? Despite the government taking steps to form the National Cyber Security Centre (NCSC) in February last year, along with a national strategy, local councils are still failing to properly safeguard their IT systems.

Local authorities under attack

The newly-formed NCSC reported in October 2017 that there had been 590 “significant” cyber threats in the UK last year. On top of that, a report released in February by cyber security watchdog Big Brother Watch found that local authorities in particular faced a whopping 19 million cyber-attacks every year.

But the number of threats targeted at local councils is not the most worrying finding of Big Brother Watch’s report. Shockingly, 25 councils had experienced a loss or breach of data from a total of 114 authorities that experienced at least one cyber security incident in the past year, and on top of that, more than half of these breaches were not even reported to the relevant authorities.

For the millions of service users who are forced to rely on local government services every day, this is cause for concern. Though in some ways it’s understandable that councils may choose not to report errors due to the substantial charges passed on by bodies like the Information Commissioner’s Office (ICO) – which handed out fines ranging from £60,000 to £150,000 to four different councils in 2017 – failure to report these problems means that lessons are not being learnt from cyber security mishaps.

Systems and processes for dealing with data will inevitably fail to improve over time, and staff are also not made aware of how to avoid other problems cropping up in the future. The problem with staff is also deepened by the watchdog’s other crucial finding: that three-quarters, or 297, of England’s authorities did not offer any kind of mandatory training for staff around cyber security.

Not taking responsibility

It’s a problem which, as Big Brother Watch lead researcher Jennifer Kreuckeberg pointed out, shows a lack of urgency around this issue from councils in England.

“With councils hit by over 19 million cyber-attacks every year, one would assume that they would be doing their utmost to protect citizens’ sensitive information,” she explained. “We are shocked to discover that the majority of councils’ data breaches go unreported and that staff often lack basic training in cyber security. Local authorities need to take urgent action and make sure they fulfil their responsibilities to protect citizens.”

This is also a point that was reiterated by director of data protection consultancy Privacy Matters, Pat Walshe.

“The Big Brother Watch report reveals inconsistent approaches to safeguarding personal and sensitive data held by local authorities,” he stated. “It highlights the pressures faced by local authorities in a world of diminishing resources but increasing demands. It will be important that local authorities receive appropriate support moving forward.”

Cutting down employee errors

What Big Brother’s data makes clear is that, as previously thought, human error is a key factor behind most cyber security breaches. Often this manifests itself as simple negligence on the part of one or a group of people, as Gloucester City Council discovered in 2014. The authority was slapped with a £100,000 fine after an attack exploited a loophole in its ‘Heartbleed’ software, something which it had been warned about in the past.

And as cyber and technology specialist Andy Hall said at the National Association of Local Councils’ conference in December last year, half of data breaches come down to employee error, such as leaving a laptop on a train or, as one member of staff at Norfolk County Council did last year, leave sensitive files about vulnerable children in a cabinet which was donated to a second-hand shop.

Some amount of human error can never be cut out of council processes, but these examples show that for many councils, despite the upcoming GDPR regulations and huge fines given out by the ICO, cyber security still isn’t being treated as seriously as it should be.

Given the grave implications that this kind of sloppiness can have for local authorities and, more importantly, the safety of service users’ data, it’s unbelievable that more isn’t being done to combat the problem.

In the short term, it’s obvious that councils need to start investing in high-quality, up-to-date training for staff around cyber security as a matter of urgency. When GDPR comes into force, it’s likely that more pressure will be put on local government to keep up with the new regulation, and properly inform staff about their new obligations with how they handle data.

Council staff are the gatekeepers for a huge amount of public data, and it’s only through proper training and management that sensitive information about millions of people can be locked away from the hands of the wrong people.

 

FOR MORE INFORMATION
You can read Big Brother Watch’s full report at:
W: www.bigbrotherwatch.org.uk

Comments

There are no comments. Why not be the first?

Add your comment

 

public sector executive tv

more videos >

latest public sector news

Government under pressure as NAO finds universal credit not delivering value for money

15/06/2018Government under pressure as NAO finds universal credit not delivering value for money

Universal Credit (UC) has not delivered value for money and-- it is uncertain that it ever will, according to research published by the National ... more >
Bolton council buys shopping centre as part of £1bn town centre masterplan

15/06/2018Bolton council buys shopping centre as part of £1bn town centre masterplan

Bolton Council has purchased Crompton Place shopping centre in a £14.8m deal. The move has been funded by the council’s £100m ... more >
On a cliff edge: The Barnett Formula

14/06/2018On a cliff edge: The Barnett Formula

David Phillips, associate director at the Institute for Fiscal Studies, gives his analysis of the Barnett Formula post-Brexit and asks: how will ... more >

editor's comment

25/10/2017Take a moment to celebrate

Devolution, restructuring and widespread service reform: from a journalist’s perspective, it’s never been a more exciting time to report on the public sector. That’s why I could not be more thrilled to be taking over the reins at PSE at this key juncture. There could not be a feature that more perfectly encapsulates this feeling of imminent change than the article James Palmer, mayor of Cambridgeshire and Peterborough,... read more >

last word

The importance of openness after Grenfell

The importance of openness after Grenfell

Following the recent Grenfell Tower tragedy, Lord Porter, chairman of the LGA, argues that if the public are going to have faith in the safety testing process then everything must be out in the open — and this needs to happen as soon as possible. The fire at Grenfell Tower has been an unimaginable tragedy and it continues to be a hu... more > more last word articles >
Government under pressure as NAO finds universal credit not delivering value for money

15/06/2018Government under pressure as NAO finds universal credit not delivering value for money

Universal Credit (UC) has not delivered value for money and-- it is uncertain that it ever will, according to research published by the National Audit Office (NAO) today. The roll out of the... more >
Bolton council buys shopping centre as part of £1bn town centre masterplan

15/06/2018Bolton council buys shopping centre as part of £1bn town centre masterplan

Bolton Council has purchased Crompton Place shopping centre in a £14.8m deal. The move has been funded by the council’s £100m town centre fund, which is financed through a low ... more >

the raven's daily blog

The work of the vanguards can help overcome the challenges of integrated care

29/05/2018The work of the vanguards can help overcome the challenges of integrated care

Following the announcement of the second wave of integrated care systems (ICSs), NHS Providers, the NHS Confederation, NHS Clinical Commissioners (NHSCC) and the LGA reflect on how lessons learnt by members from across the four organisations – that have designed and worked together as part of the vanguards – will support the j... more >
read more blog posts from 'the raven' >

comment

On a cliff edge: The Barnett Formula

14/06/2018On a cliff edge: The Barnett Formula

David Phillips, associate director at the Institute for Fiscal Studies, gives his analysis of the Barnett Formula post-Brexit and asks: how will ... more >
The digital journey so far

08/05/2018The digital journey so far

Michael Sage, digital services group manager at Chelmsford City Council, outlines the authority’s journey towards becoming digitally indepe... more >
Equipping the cyber security gatekeepers

08/05/2018Equipping the cyber security gatekeepers

With the General Data Protection Regulation (GDPR) just around the corner, cyber security is on the lips of the whole public sector – but P... more >
The hydrogen revolution

08/05/2018The hydrogen revolution

PSE’s Josh Mines takes a look at an innovative scheme in Sheffield that will see some of the first hydrogen-fuelled vans begin work in the ... more >

interviews

Data at the heart of digital transformation

03/04/2018Data at the heart of digital transformation

SPONSORED INTERVIEW Grant Caley, UK & Ireland chief technologist at NetApp, speaks to PSE’s Luana Salles about the benefits of movin... more >
GDPR: The public sector scarecrow

03/04/2018GDPR: The public sector scarecrow

SPONSORED INTERVIEW PSE’s Josh Mines chats to Martin de Martini, CIO of Y Soft, about what the General Data Protection Regulation (GDPR)... more >
Keeping London safe

05/03/2018Keeping London safe

Theo Blackwell, London’s first-ever chief digital officer (CDO), speaks to PSE’s Luana Salles about the role he plays in ensuring the... more >
BIM: Digitising the public sector

19/02/2018BIM: Digitising the public sector

PSE’s Josh Mines talks to Stephen Crompton, CTO at GroupBC, and Stuart Bell, the company’s sales and marketing director, about how Bu... more >

public sector focus

  • 12/06/2018G-Cloud 10: small changes, big opportunities

    Rafael Cortes, Foehn head of marketing, explains how G-Cloud 10 should be a catalyst for innovative solutions and not a source of complacency. It was...
  • 04/06/2018Targets and tribulations

    David Willett, corporate director at The Open University, walks us through the university’s research into the apprenticeship levy, as well as...
  • 30/04/2018The legacy of Grenfell

    PSE’s Seamus McDonnell looks at the reactions of councils and the government to the Grenfell Tower fire, from the immediate aftermath to the...
View all News