How local authorities can make hybrid working secure

When the global pandemic forced local authority employees to work from home, one of the key priorities was ensuring business as usual to maintain vital services to citizens. 

The transformation happened more or less overnight. While it was a huge success, in the rush to find new ways of working it’s been difficult for many to ensure failsafe security. 

The need to stay secure is particularly acute for local authorities. Protecting personal information is a legal requirement under the Data Protection Act 1998, and the Information Commissioner’s Office can fine organisations up to £500,000 for non-compliance. 

Yet the move to remote working has put incredible strain on organisations. 

37% of local authorities need to move legacy applications to the Cloud, according to recent research by Cebr, with 43% saying they also need to ensure better security and compliance for their remote workers. 

The disruption has certainly impacted services. A freedom of information request conducted by Veeam found that nearly a third of councils experienced unplanned IT outages during the pandemic. Authorities experienced five unplanned IT outages on average.

Over the past year the upheaval caused by the pandemic has sadly created some easy wins for cybercriminals and hackers. 

Some authorities have been hit particularly hard. 

The publication LocalGov reports that Hackney Council was targeted by online criminals in October 2020 and the stolen data was published online. 

As Hackney mayor Philip Glanville said: “It is utterly deplorable that organised criminals chose last year to deliberately attack Hackney, damaging services and stealing from our borough, our staff and our residents in this way, and all while we were in the middle of responding to a global pandemic.”

Jonathan Lee of LocalGov has explored the human cost of ransomware attacks in particular. One attack took out social care advice services, leaving the most vulnerable people in society unable to claim benefits. 

As Lee says: “The examples show that robust cybersecurity practices are needed not just to save money, but to save lives.”

A new report by think tank Reform also points out that some councils are still relying on outdated technology and lack awareness of cyber security. Some councils are consequently delaying the rollout of new security measures or are unsure about how to train staff, even though many employees are now working from home. 

Ironically the public sector was an early adopter of cyber security. The government’s National Cyber Security Centre (NCSC) published its ‘Ten steps to cyber security’ back in 2012 and the advice is now used by most of the companies in the FTSE350. 

The advice contains a section on home and mobile working, advising local authorities to “Develop a mobile working policy and train staff to adhere to it.” 

By applying a secure baseline and build to all bases, authorities can protect data in transit and at rest, keeping remote workers safe and secure. 

Yet outmoded legacy infrastructure remains a key barrier to secure remote working. Staff are using all kinds of devices from numerous different locations. Software is not being regularly upgraded and the complex exchange of sensitive data relies on multiple and disparate IT systems. 

Another challenge is that providers are incompatible with each other, so local authorities find it difficult to ensure interoperability. The good news is that by building a robust connected network, authorities can get security built in. 

As the NCSC’s guidelines point out, most security issues are preventable. Simply by following best practice and implementing basic security hygiene levels, you can keep the attacks at bay. 

Taking control of user privileges, monitoring user activity and maintaining audit logs are all simple steps, for instance, but they can make a key difference in an era when so many people are working from remote locations. 

It’s also important to make sure that your security technology is intuitive and easy to use, so that everyone feels comfortable using it and does so as a matter of routine. 

When people are unfamiliar with complex systems, human error can creep in, which can create an attractive opening for cybercriminals. 

The fundamental point here is that connectivity and protection are two sides of the same coin. By selecting a connectivity provider that has security embedded in its own services, you can make sure that staying safe is an integral part of your digital collaboration and remote working solutions. 

By choosing a single provider that can deliver connectivity and security, you also avoid escalating procurement costs and save time on going out to tender. 

Simplicity is key. With a single, trusted connectivity provider and a system with security built-in, you drive efficiency and gain control and transparency.

Digital transformation can sound daunting. And expensive, too. That’s especially the case during and after the pandemic, when budgets are feeling the strain. 

Sometimes it can seem easier to stay with the status quo than embark on a new direction.

As Sam Trendall wrote recently in Public Technology, the financial worries mean “There is a real risk that councils’ innovation projects will be delayed, disrupted, or even ditched. And making the argument for spending on new tech could prove more difficult than ever.”

No wonder some local authorities might feel it could be better to leave legacy technology and current security measures exactly as they are. 

But by supporting, training and empowering staff, and by introducing intuitive, embedded security, this risk-aversion can be replaced with confidence – and competence – using the latest and best methods. 

It’s time to explore the high levels of security that digital technology like the cloud can bring to your organisation. 

84% of local government organisations put security at the top of their to-do list. 

By adopting a cloud-based approach, you can introduce a degree of separation between your remote workers and your virtual network. 

Your teams will use virtual desktops to access data, technology and apps that are hosted in the cloud, for instance. So, if there is a security issue, it won’t affect the heart of your system. The risk and any potential damage are contained.