Staff are ‘weakest link’ in cyber security, expert warns

The human error of council employees is a major threat to data security, an expert has warned.

Speaking at the National Association of Local Councils’ conference yesterday, Andy Hall, cyber and technology specialist, said that over half of all local council data breaches are due to employee error, such as leaving an unencrypted laptop on a train, or sending an email containing sensitive information to the wrong email address.

“Staff are always the weakest link,” he said.

Cybercrime is growing by an “astronomical amount”, said Hall, with over half of all reported crimes estimated to be cybercrimes - over 7,000 each day.

Protecting personal data is a top priority for local councils as they hold large amounts of sensitive and personal data, making them vulnerable to cybercrime or data breaches.

Hall explained that in the last 12 months, over a quarter of local councils have been hit by ransomware attacks.

The new General Data Protection Regulations (GDPR) are due to come into force from May 2018, and Hall advised that councils need to make improvements to the way they collect and store personal information.

Councils must comply with the “right to be forgotten”, although Stacey Egerton, senior policy officer at the Information Commissioner’s Office (ICO), clarified that this is not an absolute right where services are still being provided to an individual.

Hall said that there should be clarity about how data travels within the local authority and that a data protection officer should always be appointed to ensure personal information is kept safe.

When appointing a data protection officer internally, Egerton warned of the conflict of interest that this may pose.

She explained: “If they're in a position where they're making any kind of decisions about the processing of personal data then it’s likely that there’s probably going to be a conflict of interest there.

“It’s really difficult for us to say yes or no to a particular position being suitable for a data protection officer or not, it needs to be considered on a case by case basis.”

Hall also advised that councils review their relationships with IT service providers and confirm that they are also compliant with GDPR, but cautioned that outsourced service providers often have limited responsibility for data.

The responsibility lies with the council, and data breaches could see fines of 4% of annual turnover, depending on the severity of the breach.

“Remember, there is no absolute prevention against cybercrime, but according to a recent survey cybercrime could be stopped by adopting some basic form of risk management,” Hall concluded.

Top image: Hanieriani
