Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

CYBER IS COUNCILLORS PERSONAL RESPONSIBILITY 2

19.09.24

We all have an ever-increasing reliance on IT and that brings with it considerable risk from a cyber perspective. We know that councils as organisations are at risk of attack from countries sponsoring cyber terrorism, but also from individuals who want to attack for malicious reasons or to try to gain financial advantage. Lesser talked about is the risk faced by individual councillors.

Councillors are intrinsically linked to the wider council infrastructure but are likely to be working away from main council buildings where they can make use of cyber protections. They are also more likely to be working from personal devices, particularly during election periods when using council-supported provisions, such as a council email address is not allowed. Yet we are firmly embedded within the linked chain of constituents, local businesses, and local and central government, making us an attractive target for cyber criminals.

This year, which has been dubbed the Year of Democracy, puts councillors and candidates at increased risk. Each election period new candidates come in who will not be expecting to be attacked. Some of those will end up being councillors and the first thing on their mind will probably not be whether their IT system is secure. They will have residents contacting them about problems and lobby groups asking them what they are going to do to support their cause, therefore cyber protection may be low down the list.

Whilst the council can do things to support, at the end of the day the responsibility must rest with the individual councillor. It is no good if you are attacked to blame the council. If an attack occurs on your own personal device, then that is your responsibility.

iESE, the local government not-for-profit consultancy which I chair, has understood the issues faced by local authorities and individuals such as councillors. It has joined with a number of very knowledgeable partner organisations to create the Cyber Centre of Excellence (CCoE).

The CCoE has been carrying out trials on ready-made cyber support packages for different sectors and segments of society. One of the products it has launched is Councillor Protect, an off-the-shelf package which gives access to software, training and support that best protects you, your laptop or desktop and your mobile phone. It is designed for individuals working solo without any central IT infrastructure and can be purchased as a standalone for individuals or bulk bought by councils at very reasonable rates due to the CCoE’s purchasing power.

Currently, awareness of cyber risk varies among councillors. Some are aware of the dangers and are taking measures to protect themselves, for others it has not yet registered as a potential risk. Others, still, realise it is something of a risk but hope that it is not going to be them who is attacked.

But there have already been cases where councillors have had their information cloned on social media and it is only a matter of time until worse happens. While protecting against scenarios like this is difficult, a product like Councillor Protect, which encompasses training modules, support from a vCISO and access to a support helpline, means we can be more aware of how to better to protect ourselves and take steps to mitigate issues if they arise.

Taking every precaution possible to protect your IT environment and ensure it is as safe as possible from attack is very wise. Not to do so leaves you vulnerable and, unfortunately, it is not a case of if you will be attacked, it is a question of when.

Cllr David Tutt is a Non-Executive Director of the CCoE. He Is also the Chair of iESE, former leader of Eastbourne Borough Council and Leader of the Liberal Democrat Group in Eastbourne.