Dan Middleton, VP, UK&I, shares his top tips on how community councils can ensure modern data protection best practices
The pandemic resulted in many councils being forced to digitize their services at a pace they weren’t prepared for, which meant they were processing and storing more data than ever before. This created a massive and unforeseen operational challenge, especially for companies working with legacy IT systems.
According to the Institute of Fiscal Studies (IFS), the pandemic has simultaneously increased spending and reduced local governments’ income opportunities. This means budgets for protecting community data were even tighter, making effective data protection an even bigger challenge.
There have been a number of cyber attacks on councils recently, including stealing private documents and putting them publicly online. Pressure on the councils from digital threats is mounting. With that in mind, this article looks at the main privacy issues that the councils are facing and the five ways they can ensure best practice.
The problems that the Councils are facing today
The pandemic accelerated the need for digital transformation in many councils, leading to three main problems: outages, testing, and the current cyber threat landscape.
According to the Freedom of Information Report from Veeam, a data protection agency for local governments, about a third (32%) of city governments have experienced unplanned IT outages in the past 12 months. On average, municipalities experienced five unplanned IT failures during this time – 10% of them even 20 failures.
Each council has a disaster recovery plan in place in the event of an IT failure or failure. However, our research shows that only 15% test their systems regularly (once a month or more). There is a risk that these councils may use outdated disaster recovery technologies that cannot automate regular testing and are not guaranteed to be reliable.
With data modernization and the current cyber threat landscape, many municipalities rely on inadequate data protection solutions and protocols. According to the UK government’s own research, these threats come in the form of cyber criminals, state actors and state sponsored attacks, terror groups, hacktivists and screenplay kiddies.
Given the sensitive data they hold, it is clear that councils need to follow best practices around modern data protection to ensure they can keep residents’ data as secure as possible.
Our top tips
In order for the councils to ensure that they are implementing best practices, we recommend that you follow these five steps:
- To plan: Local authorities need a clear, modern data protection strategy to ensure that the data in their area of responsibility is protected and secured at all times. The failure of data protection and disaster recovery systems can have serious consequences for local authorities given the sensitivity of the data in their care.
- exam: The introduction of an automated test function that can be tested after each backup gives the councils the assurance that they can restore and restore successfully in the event of a failure.
- Rate it: IT strategy, data storage and cybersecurity systems must be fit for purpose. They often need to be evaluated to ensure that organizations have not developed a vulnerability. During this evaluation and subsequent planning, it must be taken into account, in addition to the insight, that some attacks will most likely be successful. Annual reviews allow companies to be proactive rather than reactive.
- Train: All employees must be trained in how their company stores, protects and secures data and minimizes the risk of introducing cyber attackers using common attack methods such as phishing.
- Risk reduction: Partnering with a third party vendor with expertise and experience in the field of modern data protection provides security and ensures that local authorities are following the best possible practices to keep data safe and secure.
I’m looking forward to
Municipalities are aware of their responsibility to protect diverse and critical data sets. Unfortunately, however, outages remain frequent and last longer than the commercial average (as found in the Veeam Privacy Report 2021). In a strong and evolving threat landscape, local governments would benefit greatly from modern data protection methods.
With this in mind, by following the best practices outlined above, communities can ensure that data is not lost, falls into the wrong hands and provides the best possible service to their residents.