Many councils are already investing in a range of measures to protect their systems and the data they hold from potential attacks.
These measures include:
- implementing firewalls and scanning services
- applying government’s cyber security guidance, e.g. 10 Steps to Cyber Security or Cyber essentials
- introducing training for their workforce and elected members,
- carrying out health checks, penetration test and cyber resilience exercises to test their systems and processes, e.g. Web Check – a website configuration and vulnerability scanning service, developed with a number of public sector organisations including councils. This is free to use and available to all public sector organisations.
- meeting compliance regimes, Code of Connection (CoCo) which require good cyber hygiene, to connect to government private networks, e.g. PSN and the Health and Social Care Network.
- working with partners across the public sector through participation in Cyber Security Information Sharing Partnership (CiSP), Warning, Advice and Reporting Points (WARPs) and Local Resilience Forum (LRFs) to protect their systems from and put in place plans to respond to cyber-attacks.
Councils also need to ensure there is the resilience to continue to provide services if and when a cyber-attack occurs.