Cyber is Councillor’s personal responsibility
19.09.24
We all have an ever-increasing reliance on IT and that brings with it considerable risk from a cyber perspective. We know that councils as organisations are at risk of attack from countries sponsoring cyber terrorism, but also from individuals who want to attack for malicious reasons or to try to gain financial advantage. Lesser talked about is the risk faced by individual councillors.
Councillors are intrinsically linked to the wider council infrastructure but are likely to be working away from main council buildings where they can make use of cyber protections. They are also more likely to be working from personal devices, particularly during election periods when using council-supported provisions, such as a council email address is not allowed. Yet we are firmly embedded within the linked chain of constituents, local businesses, and local and central government, making us an attractive target for cyber criminals.
This year, which has been dubbed the Year of Democracy, puts councillors and candidates at increased risk. Each election period new candidates come in who will not be expecting to be attacked. Some of those will end up being councillors and the first thing on their mind will probably not be whether their IT system is secure. They will have residents contacting them about problems and lobby groups asking them what they are going to do to support their cause, therefore cyber protection may be low down the list.
Whilst the council can do things to support, at the end of the day the responsibility must rest with the individual councillor. It is no good if you are attacked to blame the council. If an attack occurs on your own personal device, then that is your responsibility.
iESE, the local government not-for-profit consultancy which I chair, has understood the issues faced by local authorities and individuals such as councillors. It has joined with a number of very knowledgeable partner organisations to create the Cyber Centre of Excellence (CCoE).
The CCoE has been carrying out trials on ready-made cyber support packages for different sectors and segments of society. One of the products it has launched is Councillor Protect, an off-the-shelf package which gives access to software, training and support that best protects you, your laptop or desktop and your mobile phone. It is designed for individuals working solo without any central IT infrastructure and can be purchased as a standalone for individuals or bulk bought by councils at very reasonable rates due to the CCoE’s purchasing power.
Currently, awareness of cyber risk varies among councillors. Some are aware of the dangers and are taking measures to protect themselves, for others it has not yet registered as a potential risk. Others, still, realise it is something of a risk but hope that it is not going to be them who is attacked.
But there have already been cases where councillors have had their information cloned on social media and it is only a matter of time until worse happens. While protecting against scenarios like this is difficult, a product like Councillor Protect, which encompasses training modules, support from a vCISO and access to a support helpline, means we can be more aware of how to better to protect ourselves and take steps to mitigate issues if they arise.
Taking every precaution possible to protect your IT environment and ensure it is as safe as possible from attack is very wise. Not to do so leaves you vulnerable and, unfortunately, it is not a case of if you will be attacked, it is a question of when.
Cllr David Tutt is a Non-Executive Director of the CCoE. He Is also the Chair of iESE, former leader of Eastbourne Borough Council and Leader of the Liberal Democrat Group in Eastbourne.