‘Increased threat’ of serious cyber attack at council facing regular phishing attempts

Gedling is among a number of councils taking extra precautions against large-scale cyber attacks.

By Matt Jarram, Local Democracy Reporter

Councillors fear Gedling Borough Council could come under a cyber attack, putting residents’ information such as council tax details at risk.

The local authority discussed the ‘increased threat’ of a cyber attack at its cabinet meeting on Thursday, July 8.

This comes after cyber thieves believed to be from Russia attempted to hack into Broxtowe Borough Council’s computer systems in February to try to steal personal information.

The system’s firewall held the thieves at bay and no personal details were accessed.

Gedling Borough Council said “there continues to be an increased threat of a cyber-attack which, if successful, will result in a significant impact on the council’s customers, staff and reputation”.

The council said it has a number of measures, including a Data Security Group, now in place to ensure thieves can’t successfully strike as an attack could prevent the local authority being “unable to deliver vital services to customers”.

In 2020/21, the council has recorded 44 data breaches/incidents by council officers.

No breaches were reported to the Information Commissioner’s Office as after investigation none of the breaches identified a risk to the rights and freedoms of an individual.

The report to cabinet states: “The breaches reported have been minor in nature and have largely been borne out of clerical error, for example the wrong addresses typed into systems which generates mail to the wrong address.

“Staff have been reminded to check address details or update changes to addresses before sending out mail.

“Every incident is thoroughly investigated and wherever necessary, measures are put in place to reduce the risk of further incidents. No systemic failures have been identified.

“There has been one incident where council equipment has been lost, being a mobile phone, but the risk of information loss was low and the device was not connected to the network so presents no ongoing risk.”

The report said there were no successful cyber security incidents involving malware or hacking in 2020/21.

However, the council said it continues to be subject to “a large number of attempted phishing attacks which are stopped by a combination of technical controls and staff vigilance”.

The council said: “Unfortunately during the Covid-19 pandemic, there has been an increase nationally in the number of phishing attacks relating to Teams, Zoom and Covid-19 and as a result additional guidance has been provided to officers and members.”

(Visited 1 times, 1 visits today)