Cyber Unpacked is the first module of Unpacking Digitalisation, a series of short explainer videos on digital concepts, created to support officers and councillors who are digital newcomers.

Each video takes a term or concept that you might hear during conversations about cyber security and digital, and unpacks it using animated examples. These videos are a tool for members and officers to improve understanding of cyber risk in under 3 minutes, which can aid decision making in the long term.
What is cyber security?
The first video in the series will define cyber security, explain why cyber security is important, and introduce and explain some key terms you may hear when learning about cyber security.
What is cyber security?
This video will: Define cyber security, outline key terms such as ‘Assets’ and ‘Information Security’ and give examples of why cyber security is important.
Cyber security is how individuals and organisations reduce the risk and impact of cyber attacks. It involves protecting councils’ devices, networks, services, and the data held on each, from unauthorised access, disruption, damage, or theft.
Information, data, devices, networks, and services are referred to as assets in the context of cyber security. They are the components of your council’s digital system that are valuable and could therefore be exploited by malicious actors.
You might see the term information security used interchangeably with cyber security. Information security looks at securing information in any form, including digital and printed formats, while cyber security is focused on protecting digital data, the systems upon which the data sits, and networks via which the data can be accessed.
To understand the difference, let’s look at patient records in the NHS as an example. Cyber security ensures the protection of electronic records. Information security includes not only securing these electronic records, but also covers the protection of any information held in physical form, such as patient information that is printed or written down.
Cyber security is important because the delivery of many council services relies on digital assets. Threats to these assets can mean critical services go offline or sensitive data is disclosed publicly, which could damage a council's reputation, hurt its finances, affect its ability to safeguard, and deliver services to residents.
Cyber security is a vast field, and you will encounter terms like cyber resilience, cyber threat, and cyber risk.
These terms can be utilised by anyone in local government. We encourage you to keep an eye out for them in future videos, and to speak with others in your council about them.
There are many resources that can help you learn more about how cyber security applies to your council. For instance, the National Cyber Security Centre or NCSC website is the best first port of call for clarifying cyber security questions you have.
There is also government support on cyber security available from the Centre for National Protective Security Authority (NPSA) and the National Cyber Crime Unit (NCCU).
This video is part of a series designed to expand your understanding of digital, technology and cyber security concepts. Check out other videos to keep on learning!
What is a network?
The second video in Cyber Unpacked explains what a network is, outlines basic network components and explains the difference between public and private networks.
What is a network?
This video will: Define ‘networks’, outline basic network components, and differentiate between public and private networks.
As a councillor or officer, you may come across networks in some operational tasks, like connecting to your internal council systems. You will also encounter networks in public-facing council functions, such as providing wifi in a public library.
But what exactly is a network?
A computer network is formed when two or more computers are connected in some way to share information or resources. More broadly, a network is the interconnection of computing devices, from computers, to phones, to printers, to smart devices, and so on.
Networks are typically made up of servers and clients. In this model, user devices, or clients, communicate via a network with centrally located servers to get the resources they need.
A server is a large-capacity computer that contains the hard drives, printers, and resources that are shared with other computers on a network. Servers are designed to be able to handle more intensive workloads than a personal computer can. A personal computer could run server processes, but would not be able to handle the workload and would crash.
Clients are the other computers and devices on a network that request and receive these resources from servers. Examples are end-user devices like phones and personal computers.
There are two main types of networks: public networks and private networks.
A private network excludes unauthorised users from joining the network. One example is an intranet: a network where the connection is between devices within a particular setting.
The internet is also a type of network. It is a global network of other networks, allowing for worldwide sharing of information. Since it is accessible to the public, the internet is an example of a public network.
If you’d like to learn more about networks, speak to your colleagues in the IT department and ask them some further questions:
How do you know that your networks are operating optimally?
How are your council’s networks secured?
This video is part of a series designed to expand your understanding of digital, technology and cyber security concepts. Check out other videos from the series to keep on learning!
What is data?
The third video in the series will define data, describe the differences between data and information, define data-related terms, and link this back to cyber security in your council.
What is data?
This video will: Define ‘data’, differentiate between data and information, and define data-related terms.
Data is a very broad term, and its definition depends on the context. Data can refer to collections of text, numbers, symbols, individual facts, sounds, and images, alone or in any combination.
There is also a distinction between data and information; information is data with context applied that allows us to derive meaning from it.
To better understand this distinction, think about a council tax register. This is a database made up of different pieces of data, including the names of residents and the amount of council tax they need to pay.
When you combine the data, you get information about the council tax that different residents owe.
You may also hear the term big data. This refers to large, constantly growing collections of many different types of data.
In your work, you may come across terms like open data and data privacy. What do these mean given our understanding of data?
Open data means that data is shared freely with both council colleagues and members of the public for use and reuse. Data privacy refers to arrangements to keep data from falling into unauthorised hands. This is to avoid the data being used to glean information that could be misused.
Let’s end this video with two questions about data and your council: Who is your council’s data shared with and how? Is your council’s data secure?
This video is part of a series designed to expand your understanding of digital, technology and cyber security concepts. Check out other videos to keep on learning.
Data backups and the NCSC 3-2-1 rule
The fourth video in Cyber Unpacked defines what we mean by data backups, explains what the NCSC 3-2-1 rule is and how to apply it at your council.
What are data backups and how do they relate to the National Cyber Security Centre’s 3-2-1 rule?
This video will: Define data backups, explain what the NCSC 3-2-1 rule is and how to apply it.
Backing up data refers to copying council data, such as files and programmes, from where it is mainly stored to one or more secondary locations. This copy of your data is called a data backup.
A key reason your council would back up its data is to be able to recover that data in the case of an accident, cyber security incident, or disaster that affects the primary data storage location.
Backups are especially important for responding to and recovering from a ransomware attack.
In a ransomware attack, malicious software aims to render council data unintelligible. The perpetrator of the attack may want some kind of payment, or ransom, to restore the data, but there is no guarantee they will restore it even after getting paid.
This is a really tough situation, but if a council has up-to-date backups of its data somewhere safe, then it can use those to restore its operations.
But where is “somewhere safe”? If the data backups are on the same network that is exploited by this ransomware attack, then they could get corrupted as well. This could result in all data being lost, rendering systems unusable and putting key citizen services offline.
This is why it is good to have multiple backups that are separated from each other. The National Cyber Security Centre, or NCSC, has developed the 3-2-1 rule as a rule of thumb for storing multiple backups. It means having at least 3 copies, on 2 devices, and with 1 copy offsite.
The NCSC also suggests that one of these copies is “offline” - not connected to any networks or systems.
Here are two considerations to round off this video:
How well does your council follow some of the good practices we have discussed?
It is essential to systematically test out the process of restoring your backups. The results of these tests can inform your council’s subsequent backup processes.
This video is part of a series designed to expand your understanding of digital, technology and cyber security concepts. To learn more about the terms we covered, please watch our other videos!
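The 3-2-1 rule and the "same network" concern from the backups video can be checked against an inventory of where each copy of the data lives. The following is an added example, not part of the original video or NCSC material; the inventories, device names and the choice to count the primary copy as one of the three copies are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Copy:
    name: str
    device: str               # physical device or storage service holding the copy
    site: str                 # physical location of that device
    network: Optional[str]    # network the copy is reachable on; None means offline
    primary: bool = False     # True for the main (live) copy of the data


def assess_321(copies):
    """Check an inventory of data copies against the 3-2-1 rule as stated above."""
    primaries = [c for c in copies if c.primary]
    if len(primaries) != 1:
        raise ValueError("inventory must contain exactly one primary copy")
    primary = primaries[0]
    backups = [c for c in copies if not c.primary]

    return {
        # Assumption: the primary counts as one of the 3 copies.
        "three_copies": len(copies) >= 3,
        "two_devices": len({c.device for c in copies}) >= 2,
        "one_offsite": any(c.site != primary.site for c in backups),
        "one_offline": any(c.network is None for c in backups),
        # Backups reachable on the primary's network can be corrupted by the
        # same ransomware incident that hits the primary.
        "shares_primary_network": sorted(
            c.name for c in backups
            if c.network is not None and c.network == primary.network),
        "isolated_from_primary": sorted(
            c.name for c in backups if c.network != primary.network),
    }


# Constructed inventory: three copies on two devices, but all in one building
# and all on the same network.
WEAK = [
    Copy("live-data", "file-server-1", "town-hall", "corp-lan", primary=True),
    Copy("nightly-snapshot", "file-server-1", "town-hall", "corp-lan"),
    Copy("nas-copy", "nas-1", "town-hall", "corp-lan"),
]

# Constructed inventory: adds an offsite cloud copy and an offline disk.
GOOD = [
    Copy("live-data", "file-server-1", "town-hall", "corp-lan", primary=True),
    Copy("nas-copy", "nas-1", "town-hall", "corp-lan"),
    Copy("cloud-copy", "cloud-bucket", "provider-dc", "cloud-tenant"),
    Copy("offline-disk", "usb-disk-7", "depot", None),
]

if __name__ == "__main__":
    for label, inventory in (("WEAK", WEAK), ("GOOD", GOOD)):
        print(label, assess_321(inventory))
```

The WEAK inventory passes the "3 copies on 2 devices" count yet leaves no backup isolated from the primary network, which is the situation the video warns about.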
What does good password security entail?
The fifth video of the series is all about password security. We define what a password is and lay out good password security practice for you to follow.
What does good password security entail?
This video will: Define passwords, lay out good password security practice.
Let’s start with defining what a password is. A password is a sequence or string of characters. It is used to verify the identity of a user, usually to gain access to a resource.
Passwords are important from a cyber security perspective because they can prevent unauthorised access to assets. Cyber attackers will often try to guess passwords to gain access to council systems, networks and data.
Some of the most common ways they do this are: using trial-and-error to work through all possible passwords, called brute force attacking; and using lists of common passwords to try to access a large number of accounts, otherwise known as password spraying.
It is generally more difficult for attackers to guess complex passwords, so many organisations require their staff to create multiple complex passwords. But this does not guarantee security, and puts a burden on staff.
A good way to help councillors and officers to manage the complexity requirement is by encouraging them to use three random words, like 'coffeetrainfish' or ‘walltinshirt’.
Councils should also consider using multi-factor authentication for important accounts. Multi-factor authentication means that the council’s system or network will require more than one piece of evidence to verify a user’s identity.
It also makes sense to regularly audit user passwords against common password lists, using free or commercial tools.
Let’s round off the video with a question: How much of the good practice we’ve discussed does your council currently implement?
This video does not present an exhaustive list of good practice, and good practice is constantly changing.
To get the most up to date and comprehensive information please consult the National Cyber Security Centre’s guidance on password security.
This video is part of a series designed to expand your understanding of digital, technology and cyber security concepts. To learn more about multifactor authentication, please watch our video on it.
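Two of the practices from the password video, three random words and auditing user passwords against a common-password list, can be shown together. This is an added example, not part of the original video or any NCSC tool; the word list, the common-password list, the account names and the salted PBKDF2 storage format are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets

# Kept low so the example runs quickly; an assumption, not a recommended setting.
ITERATIONS = 10_000

# Constructed sample lists. A real word list needs thousands of entries and a
# real audit uses a published common-password list.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "welcome1"]
WORDS = ["coffee", "train", "fish", "wall", "tin", "shirt",
         "river", "lamp", "stone", "cloud"]


def three_random_words(words=WORDS):
    """Build a password from three words chosen with a cryptographic RNG."""
    return "".join(secrets.choice(words) for _ in range(3))


def store(user, password):
    """Create a stored credential record: per-user salt plus PBKDF2 hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"user": user, "salt": salt, "hash": digest}


def audit(records, common_passwords):
    """Return the users whose stored hash matches a common password.

    Only the account name is reported, never the matching password, so the
    audit output is safe to hand to whoever forces the password reset.
    """
    flagged = []
    for rec in records:
        for candidate in common_passwords:
            digest = hashlib.pbkdf2_hmac(
                "sha256", candidate.encode("utf-8"), rec["salt"], ITERATIONS)
            if hmac.compare_digest(digest, rec["hash"]):
                flagged.append(rec["user"])
                break
    return flagged


# Constructed accounts: two use passwords from the common list, one uses the
# three-random-words example given in the video.
RECORDS = [
    store("officer.a", "qwerty"),
    store("councillor.b", "coffeetrainfish"),
    store("officer.c", "password"),
]

if __name__ == "__main__":
    print("needs reset:", audit(RECORDS, COMMON_PASSWORDS))
    print("suggested password:", three_random_words())
```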
Learn more about good password security using the links below:
- NCSC - Password managers
- Password manager buyers guide
- NCSC - Updating your approach (Please note, this video does not contain an exhaustive approach or advice, and it's important to regularly review your own processes in line with NCSC guidance.)
What is a cyber vulnerability?
This video explains all about cyber vulnerabilities, including what a zero-day vulnerability is, and the measures you can take to reduce the negative consequences of any which are exploited.
What is a cyber vulnerability?
This video will: Define what a cyber security vulnerability is, explain zero-day vulnerabilities.
A cyber vulnerability is a weakness in an information system, configuration, or in security procedures, which allows a malicious actor to inflict harm to an organisation.
A vulnerability in an information system could be a software flaw, such as a web application that does not filter its users’ commands. This can allow a malicious actor to put harmful code into an otherwise benign program.
Another vulnerability could be using default passwords in systems. These default passwords might be in the public domain, putting the systems at risk. This is considered an error in the implementation of software and its components.
Weaknesses in security procedures are another kind of vulnerability. One example of this is a failure to patch, or keep software updated to the latest, most secure versions. Such software will be at high risk of compromise because malicious actors monitor security updates to find outdated versions that have not fixed the underlying vulnerability.
Various stakeholders, such as researchers, software vendors, law enforcement, and ethical hackers, are constantly checking software code for vulnerabilities.
However, there will always be vulnerabilities that have not been found. These are called zero-day vulnerabilities, because if the vulnerability is undiscovered by the vendor, they have had “zero days” to fix it.
Attacks that exploit these previously unknown vulnerabilities are called zero-day attacks.
Zero-day attacks can’t be prevented entirely, but the effects can be mitigated through proper planning to minimise disruption.
Consider the example of a council that has fallen victim to such an attack. The council is attacked by a virus that is too new to be recognised by the council's antivirus software. It encrypts the council’s data, and locks council staff out of key systems.
The council’s review states that as a zero-day vulnerability, ways to prevent the attack were limited. But the council could have invested in stronger systems and processes to mitigate the consequences, such as securely stored data backups.
To avoid the same issues as our example council, it’s important to ask: How often does your council conduct evaluations of its existing assets for vulnerabilities?
Good practice is also to run simulated attacks on your IT systems to uncover weaknesses; this is called penetration testing.
This video is part of a series designed to expand your understanding of digital, technology and cyber security concepts. To learn more about the terms we covered, please watch our other videos.
What are ransomware and malware?
This video defines malware and ransomware, and explains how ransomware can affect councils.
What are malware and ransomware?
This video will: Define malware, define ransomware, and outline how ransomware can affect councils.
The term malware combines the words malicious and software. It refers to any software that is designed to cause harm.
Ransomware is a specific type of malware that is designed to prevent organisations from accessing their computer systems and data.
Perpetrators of ransomware attacks will use this lack of access as leverage to demand some kind of ransom, usually a payment. Importantly, perpetrators may or may not restore access to systems and data upon getting paid.
Councils should not consider paying a ransom. It is against the central government and UK law enforcement’s policy. The act may be found to be illegal if it is related to terrorist and other criminal activity.
Paying will make an organisation more likely to be targeted. Sectors that are known to pay have seen a spike in ransomware attacks.
Malware and ransomware can cause serious harm to council assets and operations. Let’s take, for example, a council officer who opens a suspicious email attachment that allows ransomware to get onto the council’s IT system.
The ransomware encrypts the council’s data and data backups, rendering them unintelligible. This causes council officers’ computers to become unusable.
The attackers demand a large sum of money to restore the data, but the council refuses to pay because there is no guarantee that the data will be restored after payment.
It takes the council many months to recover from the attack, and the cost of restoring systems reaches into the millions, hurting its ability to deliver core business services to its citizens.
Let’s round off the video with two things your council can do to protect itself.
To lower the likelihood of falling victim, it is important to use mail and website filtering tools.
Your council may also want to consider using enterprise antivirus or anti-malware products that protect council servers and end-user devices together, rather than standard antivirus software which protects end-user devices on an individual basis.
Finally, it is important to talk to IT colleagues to learn about the security and mitigations your council has in place to protect itself!
This video is part of a series designed to expand your understanding of digital, technology and cyber security concepts. To learn more about the terms we covered, please watch our other videos!
What is phishing?
This video will explain what phishing is, the telltale signs of a phishing attack and what you can do to protect yourself from them.
What is phishing?
This video will: Define phishing, point out telltale signs of a phishing attempt.
Simply put, phishing is an attempt to trick a user into doing the wrong thing. The “wrong thing” can be many things: granting unauthorised access, downloading malware, stealing intellectual property, and so on.
A phishing attempt involves a malicious actor posing as a legitimate institution via a fake website, text message, social media platform, or by phone.
However, phishing is mainly used to describe attacks that arrive by email.
There are some telltale signs that can indicate a phishing attempt. Phishing emails will sometimes use a generic salutation such as "valued customer," "friend," or "colleague." Other attacks will refer to you directly and this is called targeted or spear phishing.
The name and email address will be similar to those of people you know, but there are typically errors.
The email will usually include an urgent action that you must take, such as "submit these details within 24 hours" or "you have been a victim of crime, click here immediately."
Phishing emails often request personal information, which legitimate organisations normally will not do over email.
Finally, they may also make an offer that is too good to be true, such as offering your council a million pounds without reason.
Let’s talk about what you can do to protect yourself from a phishing attack.
Malicious actors will often use publicly available information about you to target you. So, review what information is publicly available about you.
Also, make it a habit to scan communications you receive for the telltale signs of a phishing attempt we outlined before.
If you spot a suspicious email, flag it as spam or junk in your email inbox. Let your IT department know that you've identified it as potentially unsafe.
And if you’ve clicked a suspicious link, tell your IT department as soon as you can. The earlier you tell them, the more likely they'll be able to help.
Finally, it is important to train personnel to identify and respond to phishing attempts.
This video is part of a series designed to expand your understanding of digital, technology and cyber security concepts. To learn more about the terms we covered, please watch our other videos!
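Several of the telltale signs listed in the phishing video can be checked mechanically, in particular a sender address that is nearly, but not exactly, one you know. This is an added example, not part of the original video or any mail-filtering product; the address book, the sample messages, the keyword patterns and the edit-distance threshold of 2 are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

# Constructed address book of senders the recipient already knows.
KNOWN_ADDRESSES = {"j.smith@council.example", "p.shah@council.example"}

GENERIC_SALUTATIONS = ("valued customer", "friend", "colleague")  # from the text
URGENCY = re.compile(r"within \d+ hours|immediately", re.I)
PERSONAL_INFO = re.compile(r"password|bank details|date of birth", re.I)


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def phishing_signs(from_header, body, known_addresses=KNOWN_ADDRESSES):
    """Return the telltale signs found in one message, in a fixed order."""
    signs = []

    # Sign: the address is similar to one you know, but contains errors.
    _, addr = parseaddr(from_header)
    addr = addr.lower()
    if addr not in known_addresses:
        for known in sorted(known_addresses):
            if edit_distance(addr, known) <= 2:
                signs.append("sender resembles " + known)
                break

    # Sign: generic salutation in the opening line.
    stripped = body.strip()
    first_line = stripped.splitlines()[0].lower() if stripped else ""
    if any(s in first_line for s in GENERIC_SALUTATIONS):
        signs.append("generic salutation")

    # Sign: urgent action demanded.
    if URGENCY.search(body):
        signs.append("urgent action demanded")

    # Sign: request for personal information.
    if PERSONAL_INFO.search(body):
        signs.append("personal information requested")

    return signs


# Constructed sample messages.
SUSPICIOUS = ('"J Smith" <j.smith@counci1.example>',
              "Dear colleague,\nSubmit these details within 24 hours.\n"
              "Reply with your password to confirm.")
ROUTINE = ("Priya Shah <p.shah@council.example>",
           "Hi all,\nThe agenda for Thursday's meeting is attached.")

if __name__ == "__main__":
    for header, text in (SUSPICIOUS, ROUTINE):
        print(header, "->", phishing_signs(header, text))
```

A message with no signs is not thereby safe; the checks only surface the signs named in the video so that a person can take a closer look.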
What does good supply chain security entail?
This video explains why good supply chain security is needed and the practical steps you can take to achieve it.
What does good supply chain security entail?
This video will: Talk about the need for supply chain security, outline practical steps to take to manage supply chain security.
Councils rely on external suppliers to deliver devices, products and services.
As a result, the ability to reduce the risk of a cyber attack and remain cyber resilient is also determined by the cyber security of organisations within a council’s supply chain.
Cyber attacks can be carried out not only directly on your council, but also indirectly via your council’s supply chain. And cyber attacks can even happen through the supply chain of one of your suppliers.
This is partly due to the fact that organisations in your supply chain may have limited resources, limited visibility of their own supply chains, and insufficient tools and expertise to evaluate cyber security.
So what does a council do to deal with supply chain risk? Your council must develop a robust supply chain risk management framework.
This framework first requires you to ask - how much risk is my council willing to take? This is known as risk appetite. It helps in determining what risk is acceptable, since it is practically impossible to do away with all risk.
You can then assign adequate levels of security controls to your council’s contracts with suppliers, based on an assessment of risk facilitated by the framework.
For example, perhaps a council wouldn’t want to set aggressive controls on a refuse collection business that you’ve contracted to service part of your local area and that is not connected to council systems.
But it would want to set more stringent controls on the procurement of a major new system to collect council tax payments.
Importantly, this depends on the council’s risk appetite.
Let’s round off this video with other practical steps your council can take to beef up your supply chain security:
Each council will need to identify the relevant people responsible for mitigating cyber risks in supply chains, so you can collaborate to develop council-wide, multidisciplinary approaches.
Councils also need to provide supply chain security awareness and education for relevant staff and stakeholders.
The threat landscape is constantly evolving with new risks and vulnerabilities. It is very important to always follow the most up-to-date guidance as given by the National Cyber Security Centre and other related government bodies.
This video is part of a series designed to expand your understanding of digital, technology and cyber security concepts. The LGA has developed guidance on embedding cyber resilience in your supply chain, to find out more please click the link that pops up on your screen.
What do BCP and DRP refer to?
This video explains what Business Continuity Plans and Disaster Recovery Plans are and how they relate to each other.
What do Business Continuity Plan and Disaster Recovery Plan refer to?
In this video, we will: Define business continuity plan and disaster recovery plan, relate them to each other.
A business continuity plan, or BCP, outlines how a company will continue to operate during and after a major disruption. So a BCP normally focuses on maintaining critical functions.
These disruptions can include a fire outbreak, the breakdown of a key supplier, or a major cyber incident.
By outlining the steps to be taken in the event of a cyber incident, a business continuity plan can help to minimise the impact of an attack and ensure that critical operations can continue.
A disaster recovery plan, DRP, is the set of tools, processes and policies that support recovery following a disaster or major incident.
A DRP would be activated after a major system disruption with long-term effects, such as a loss of data.
Both plans would form part of an organisation's overall risk management and emergency preparedness strategy, ensuring that the organisation is capable of responding to and recovering from disruptions of different severity.
But they differ in scope. BCPs focus on how to continue delivering business outcomes during an incident, while DRPs focus on recovering from an incident.
A DRP can support a BCP strategy by relocating supporting systems for business operations or mission-critical functions.
Let’s round off with two key steps to optimise the use of a BCP and DRP.
Once plans are in place, it is crucial that they are tested with simulated disruptions; otherwise, it will be unclear whether the plans will work in practice.
The results of any tests should be shared with the relevant stakeholders, and any improvements should be incorporated into an action plan.
This video is part of a series designed to expand your understanding of digital, technology and cyber security concepts. To learn more about the terms we covered, please watch our other videos!