As many as 32 local councils are now receiving GDPR and cyber security awareness training from a team of experts from ten local authorities, CC2i and ten BAFTA-winning film-makers.
The new GDPR training programme for dozens of local council employees will focus on threats faced by councils and the protocols they will need to follow to prevent cyber-attacks in the future.
First reported by Digital By Default, the new training programme has been designed by ten councils and CC2i and includes modules on ‘phishing, scams, password management, offline security, GDPR and more’. In all, employees at local councils will be asked to go through each module lasting three to five minutes.
The ten councils who were involved in designing the programme were Oxfordshire and North Yorkshire County Councils, Blackpool Council, Manchester, Portsmouth, Cambridge and Sheffield City Councils, Huntingdonshire, South Cambridgeshire and Eastleigh District Councils.
‘Like all other councils across the UK, Portsmouth was facing an unprecedented number of cyber attacks. The Matobo-CC2i collaboration gave us the ability to work with a leading cyber awareness film-maker as well as other councils facing similar threats.
‘Sharing the costs was a key benefit of the collaboration, as was the ability to input relevant messages into the training to inform staff at all levels,’ said Mike Greenslade, Information Security Officer at Portsmouth City Council to Digital By Default.
With GDPR just four months away, the timing of the programme is quite important considering that local councils across the UK have been suffering frequent cyber-attacks and data breaches over the years. However, this isn’t the first time that efforts have been made to improve cyber awareness of local council employees.
In June last year, the National Cyber Security Centre rolled out an active cyber defence protocol named DMARC which it said will help local councils authenticate an organisation’s communications as genuine, thereby removing the threat from phishing emails.
The NCSC hoped that the adoption of the DMARC protocol by .gov domains would make email spoofing much harder and would prevent hackers from breaching IT systems owned by government authorities.
However, three months after DMARC was launched, cloud data intelligence firm OnDMARC observed that 84% of local councils across the UK were yet to adopt the protocol, thereby continuing to place their IT systems and internal data at risk.
Such lack of enthusiasm among local councils is hard to explain, considering that several councils have been fined by the ICO for suffering data breaches as a result of lax cyber security protocols or for committing inappropriate disclosures.
Last year, Basildon Council in Essex was fined £150,000 by the Information Commissioner’s Office for disclosing sensitive personal information in a planning application and for failing to remove the information after it was first discovered. The council had leaked sensitive personal information about a traveller family which stayed in a green belt zone for several years. Leaked personal details included mental health issues and other disabilities.