Planning
As a DCS, how confident are you that your service could adequately respond to and recover from a cyber incident or unplanned disruption? You will likely already be feeding into a BCP on a corporate level – and it is also important to maintain a BCP tailored for your service that provides clear actions on managing a cyber attack.
We would strongly advise against publishing this online – it is a threat actors dream to see what your response to a cyber attack is and how it will be managed.
Working offline
The first step taken by your IT service in the event of a cyber attack is likely to be taking down all IT services and disabling access to any systems while the cause and impact is identified. The IT team would then focus on preventing further damage, recovering systems, restoring backups, managing access and so on. During this time, there would likely be no access to IT services.
Areas to consider:
- Is there a clear plan setting out how your service would cope with no IT access for a significant period – sometimes stretching to weeks or even months?
- How would your team cope without access to the necessary case recording system? What about managing new referrals?
- How would you ensure staff safety without access to case warnings such as ‘do not visit alone’ and ‘do not share this information’?
These are crucial questions to ask – and should be part of a regular cycle of reviewing and testing. Encourage your team to regularly consider how they could continue to provide essential services to children and young people if recording systems were unavailable, or all IT access was suspended?
Communication
If your service is the victim of a cyber attack, how would you communicate with colleagues, partners, residents and wider stakeholders? How would you do this if a cyber attack prevented you from accessing your usual communication methods (emails, MS Teams and so on)? Do you have an offline communication plan to support you in updating internally and externally? This may include using WhatsApp groups (which would need a full DPIA), posts on social media or phone calls – which means you will need access to contact details that are updated regularly and stored securely offline. Reviewing your plan with your corporate communications team will ensure a consistent approach across the council and reduce the pressure on the IT service to provide updates while managing a cyber incident.
Areas to consider:
- Do your staff understand how to report a cyber attack, and to whom?
- How will your staff communicate without access to IT or the internet?
- Is there a communications plan in place to help with response to media requests or questions from residents?
- Do you know where to report a cyber attack e.g., NCSC, LGA, police etc.?
Staff wellbeing
During a cyber attack, there may be an increased level of stress and responsibility on staff due to increased workload, concern for children and their families, and pressure from the media. It is crucial to make sure there are systems in place to support staff through this time. Focusing on these sorts of questions will help to promote a positive cyber security culture in your service area.
Out-of-hours
Is your service supported by out-of-hours social care support teams based at other locations or authorities? You may be clear on the response plans of your authority, but do you know how these work across shared working environments? What plans are in place, for example, if your out-of-hours service was unable to access the necessary case recording system? How would they perform checks on protective measures put in place to protect a child, or processes put in place to support a child’s care plan?