Cyber Insurance: Five ways councils can safeguard from cyber attacks
Author: Lee Cleaver, sales development account broker at BHIB Councils Insurance
Almost every local (parish and town) council uses technology in their day-to-day operations — whether simply accessing emails or performing more complex tasks such as handling personal data.
Unfortunately, however, whatever the reason a local council uses technology, doing so comes with risk. Local councils, large and small, are vulnerable to cyber-attacks — with revenue and reputation at stake.
That’s why this National Computer Security Day, 30 November 2022, we’ve compiled five top tips to ensure senior council figures can help keep their staff safe from cyber-attacks.
1. Close your doors to malware
You wouldn’t leave your house doors open to potential criminals, so don’t leave your computer’s virtual doors open to cyber-criminals and malware.
Malware is malicious software designed to infiltrate or damage a PC or network without your knowledge or consent. You can guard against it in the following ways:
- Apply your firewall – A good internet router will have an on-board firewall, so don’t forget to turn it on. However, while this provides an excellent first line of defence, it is not enough to protect against all attacks.
- Protect your PC – You can protect your PC with security software. The best security software will cover identity theft, risky websites and hacker attacks within a single solution.
- Safeguard your email – Your email system can be safeguarded with a spam filter. A good spam filter will block and flag dangerous emails before they can be mistakenly opened.
2. Implement specific cyber standards for your staff
We recommend all councils have adequate cyber standards for staff to follow, which may include the following:
- Educate staff – First, educate staff about what data is sensitive and how it should be managed. This should include internal and external communications, such as emails.
- Share turn-ons and turn-offs – Which applications can be loaded on company computers, and which are prohibited?
- Require strong passwords – Refer to tip four on passwords.
- Enforce consequences – What happens if the policy is not followed? Be prepared to back up your words.
- Use it, don’t abuse it – What is the proper usage of a company-issued computer? This includes the use of the Internet.
- Encrypt – Decide if an email encryption solution to protect sensitive information is required and when.
- Appoint a “Go To” – Who can employees ask if they have questions about the policy or computer security in general?
3. Tackle your social media
We also recommend educating your staff with best practices and guidelines regarding using social media safely. Consider the following ways to minimise risk:
- Look who’s talking – Decide who can speak on behalf of the council and only allow those employees to write about internal and external events.
- Define what’s confidential – Social media blogging and posting, for example, should include council guidelines about what information is OK to share and who can post.
- When being social, be smart – Only connect to trusted people in your social network. When considering what content is OK for staff to share, don’t just consider whether it’s confidential; consider what impact it will have too, for example, on your reputation.
4. Protect yourself with strong passwords
Passwords are the key to most council networks, so it’s essential they’re up to the job of keeping you safe. The more characters you add, the stronger your password will be. Here’s what to think about:
- Start strong – Require strong passwords on company systems with a random mix of at least eight characters made up of letters, numbers, and symbols.
- Remember to change – Time out old passwords and require password changes frequently.
- Keep them safe – Store passwords in a safe place and educate employees about poor practices.
5. Consider the risk of personal devices used for work
Many employees bring their devices to work – but what about the security risks? Here’s what to keep in mind:
- Develop company rules – A set of rules for using personal devices is the first step to keeping your council safe. Draft a comprehensive policy covering pertinent data deletion, location tracking, and internet monitoring issues.
- Assess the benefits – Councils may decide to permit the use of personal devices for work due to the potential for increased productivity (people work faster using devices with which they are familiar). However, assess the benefits, as this increased productivity may come at increased risk and cost, because personal devices can be harder to safeguard and monitor.
Any views or opinions expressed in this blog are for guidance only and are not intended as a substitute for appropriate professional guidance. We have taken all reasonable steps to ensure the information contained herein is accurate at the time of writing. Concerning any particular insurance-related issues, readers are advised to seek specific advice.