Levels of cyber security differ greatly between Renfrewshire and East Renfrewshire, according to a new report.
Written by campaign group Big Brother Watch, the Cyber Attacks in Local Authorities report shows a contrasting levels of staff preparedness between the two council bodies.
Over the past four years, East Renfrewshire has experienced two cyber attacks, both resulting in ‘serious incidents’, defined as a breach of a system’s security policy.
While Renfrewshire does not hold data for the number of cyber attacks, none of the incidents there escalated further.
Fears were raised over the lack of mandatory training for existing staff or records held by East Renfrewshire, which Big Brother Watch say would be a significant step towards being more secure online.
Renfrewshire, on the other hand, is in the process of rolling out training for staff and is tracking progress, with more than half having already completed this.
Lead researcher Jennifer Krueckeberg said: “It’s good to see that both were able to prevent any loss or breach of data so far – but there is still plenty of room for improvement.
“That East Renfrewshire Council couldn’t tell us how many of their staff members were trained is very concerning.
“The majority of cyber attacks are designed to trick humans into revealing valuable information by pretending to be a legitimate email or link.
“Mandatory training for all employees should be at the core of every council’s cyber security strategy to keep citizens’ sensitive information safe.”
As well as current training, Renfrewshire also sets aside £4,000 for training updates every year and employs two expert cyber security experts within the council.
East Renfrewshire, on the other hand, has no set cyber training budget.
However, East Renfrewshire Council do set aside a larger portion of money towards dealing with the problem, with bosses allocating eight per cent of the council’s IT budget to security, compared to five per cent in Renfrewshire.
A spokesperson for Renfrewshire Council said: “Cyber security and cyber resilience are a continuing high priority for the council.
“The nature of threats changes regularly, so these measures are frequently reviewed and updated to maintain effectiveness.
“Combined, this proactive approach helps us to maintain a collection of robust holistic defences.”
An East Renfrewshire Council spokesperson added: “Cyber security policies and controls are regularly reviewed and the council undertakes frequent security health checks to ensure the policies, controls and technology remain current and effective in light of an ever-changing threat landscape.
“This provides staff with the skills to detect and protect against cyber threats.”
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here