7 min read

3 cybersecurity challenges facing local councils and how to tackle them

In 2022, according to the ICO, local and central government bodies reported the third highest number of data incidents, second only to the healthcare and education sectors. 

While data protection is a serious consideration for all businesses, for the public sector, it is particularly important. The data handled by these organizations is often personality identifiable information of residents - individuals who (understandably) expect those responsible for their data to protect it. 

So, when something goes wrong and a data incident occurs, councils suffer huge reputational damage, comparable only to the devastating financial impact.

However, public sector employees are not intentionally acting irresponsibly. Afterall, no employee intends on causing a data incident.

So why are data leaks in this sector continuing to happen?

1. Human error is the leading cause of data incidents

Of the reported incidents in 2022, nearly 90% were ‘non-cyber’ related incidents - i.e. non malicious attacks.

To put this in perspective, over 400 incidents were due to human error, including information accidentally emailed, faxed or posted to the wrong person, failure to redact emails, and misuse of Bcc. These four incidents accounted for more than half of all incidents reported to the ICO in local/central government. In comparison, only 10 incidents were due to malware and ransomware. 

Simply put, human error is where the real security risks lie; the smallest mistakes often have the biggest consequences. 

With email the primary area of risk for employees in the public sector, and email still the most accessible, user-friendly platform for communicating with agencies and residents, it makes sense that progressive IT leaders are increasingly focussing their attention on this platform. 

Standard email clients used by the majority of government bodies (Outlook, M365) do not empower people to avoid mistakes, support compliance, or protect sensitive data after sending. Integrating a smart security solution with the Microsoft workspace solves this issue effortlessly, with enhanced security functionality and next-level encryption - so your people can send and receive sensitive data securely, without learning new processes or platforms. 

2. To encryption and beyond: Securing emails and sharing large files 

Due to its decentralized nature, security protocols are not widely adopted across email providers. Afterall, efficiency, not security, is the main objective of email. This is the reason email remains our preferred method of business communications; it gets our messages from point a to point b as quickly as possible.

However, while 20 years ago this was acceptable, today the gaps in email security must be filled.

So, advanced encryption is key when seeking a solution to properly secure emails to a higher degree than standard email clients can provide. However, encryption isn’t the silver bullet to securing sensitive data by email. Your security solution should provide far more in order to empower employees to protect their emails.

For example, recipient experience is key. If your provider requires recipients (be it residents or third party agencies) to create accounts to access a simple message, this reflects poorly on your council. Consider how a citizen feels when they are required to navigate a clunky portal to access their subject access request. This information should be easy to access and the process must be user-friendly, too. 

In addition, employees must be empowered to protect sensitive information and avoid making mistakes whilst they get on with their core role. Expecting busy housing teams, for example, to learn yet another new platform to enable secure communications with external agencies (such as police or social services) is inefficient. Enabling them to work securely within email with enhanced security features guarantees happier employees who embrace digital security, rather than fearing it. 

And never is this more true than when sending large attachments. File sharing has long been a headache for employees; standard email clients limit file sizes to just 25MB, forcing users to switch to third party file sharing platforms which is problematic for a number of reasons. The ability to share large files quickly, easily and (above all) securely from your email client is key - and it is within reach today.

3. Information security, governance and compliance

The ICO recommends that public sector IT leaders prioritize data protection, risk management and staff awareness, and emphasizes the importance of understanding local government’s policies around transparency, releasing information to the public and data security. Considering that local government employees across all areas manage sensitive data every day, ensuring employees are armed with the tools they need to protect their organization from a data leak is key.

By enhancing your email client with advanced encryption and human error prevention tools, employees can act appropriately. One example of this is the ability to recall an email. Microsoft and Outlook make recalling emails practically impossible. It also fails to provide 2FA, expiration controls and other key functionalities to protect the content of emails.

With advanced encryption securing the connection between the sending and receiving clients (and ensuring your provider doesn’t retain access to decryption keys), your data is secure in transit.

And finally, automated data logging and certifiable Proof of Delivery tools provide data on the status of every email sent and received, ensuring data protection officers are prepared in the instance of a data loss event.

This technology and more is within reach for public sector organizations today. It's time to capitalize on  existing platforms, rather than over complicating with additional platforms and solutions (as we saw during the shift to remote working in wake of the global pandemic).

By enhancing email, local council employees can work effortlessly and securely, safe in the knowledge that their data is protected. Learn how we can help.

More for your council:

Learn: Customer story | Digital security for the people: Municipality of Lochem

Watch: Webinar | Why security training alone isn’t enough to ensure digital security in the public sector

Read: Blog | Why 'good enough' isn't good enough for IT security and compliance in the public sector

First published -
Last updated - 14/03/23
3 cybersecurity challenges facing local councils and how to tackle them
Free demo
Free demo
Free demo

Ready for a deeper dive? So are we.