The LGA have identified a few areas where urgent attention could make a real difference to cyber security, including a list of questions which might be useful for councils to discuss with IT teams and providers.
- Is there a strong password policy, particularly on accounts with privileged access?
- Do your teams use multi-factor authentication where available, particularly on accounts with privileged access?
- Is there a backup of data and, equally importantly, test that it works?
- Does the system include access appropriate to user privilege? Do people only have access to what they need?
- Is patching up to date, and do councils patch at the earliest possible opportunity?
What are the unsupported systems, and are there mitigations in place to reduce the vulnerabilities they create?
- Does mobile device management policy follow best practice? For example, can staff download untrusted apps and software?
The National Cyber Security Centre’s 10 steps to Cyber Security provides useful guidance on how organisations can protect themselves in cyberspace. If you would like to access support, you can email LGACyberSecurity@local.gov.uk
Ransomware incident case study
The MHCLG has developed a case study of the Redcar and Cleveland Council’s 2020 Ransomware incident. The case study has been made available to councils on the Resilience Direct platform and can be used to inform your own local cyber resilience planning. The case study covers the background to the incident, the response and recovery, service lead perspectives and checklists for your organisation.
Please contact your council’s resilience officer for access to Resilience Direct.
Join our SEGWARP
South East Government Warning, Advisory and Reporting Point (SEGWARP) is one of a number of groups around the country designed to bring together information security officers from local government. The aim is to provide a one-stop shop for early warning, information sharing and best-practice advice around the latest cyber-security threats.
For more information or to join go to: seemp.co.uk/segwarp