Cyber attacks on UK council staff working remotely more than tripled during the pandemic, a Freedom of Information (FOI) request has revealed.
Attacks increased by an average of 213% from March 2020, according to tech provider Insight, which gathered data from 47 councils across the UK.
On average, 74% of council employees switched to remote working, which is more than double the UK average and represents 1.4 million of the country's workers, according to Insight. What's more, remote working is set to continue in 98% of councils, leading to fears that attacks targeting employees at home will only continue to increase.
"The fact that councils could move their employees to remote working without disrupting services needs to be recognised for the major achievement it was," said Darren Hedley, the managing director of Insight UK and Ireland. "However, councils now need to build on this success: putting in place and strengthening defences to protect remote workers and eliminate gaps in security that could allow attackers to threaten essential services.
Hedley adds that many councils cannot do this alone and suggests that they need support and resources from the government, warning that there will be more and more employees and councils falling victim to attacks.
Don’t just educate: Create cyber-safe behaviour
Designing effective security awareness and training programmes
Another area of concern is around training, with less than half (47%) of councils investing more of their IT budget in increased security training for remote workers, even though such education is thought to be essential for remote or hybrid workforces.
"Clearly the priority in 2020 was enabling remote working, but more than a year into the pandemic it's worrying that many councils still haven't been able to assess their security posture," said Charlotte Davis, Insight's cyber security practice lead.
"These assessments need to cover the entire threat landscape, including third party risks, and honestly analyse gaps in the organisation's security posture. Once this is in place, councils can take the appropriate action to repair any gaps, from investing in technology, to building security awareness and putting frameworks in place so employees can follow best practice."
