Dan Middleton, VP, UK&I, shares his top tips on how local councils can ensure best practices when it comes to modern data protection
The pandemic resulted in many councils forced to digitise their services at a pace they were not prepared for, meaning they were handling and storing more data than ever before. This created a massive and unforeseen operational challenge, especially for those organisations that were running on legacy IT systems.
According to the Institute of Fiscal Studies (IFS), the pandemic has simultaneously increased spending and reduced revenue-raising capacity for local governments. This means budgets were even tighter when it came to protecting the data local councils held, making effective data protection even more of a challenge.
There’s been a number of cyberattacks recently on councils, during which private documents might have been stolen and posted publicly online, for example. The pressure councils are under from digital threats is mounting. With instances like this in mind, this article addresses the key issues councils face when it comes to data protection and the five ways they can ensure best practice.
The issues facing councils today
The pandemic accelerated the need for Digital Transformation in many councils, resulting in three main issues: outages, testing and the current cyberthreat landscape.
According to Veeam’s Freedom of Information Report: An authority on data protection for local government, around a third (32%) of councils have experienced unplanned IT outages in the past 12 months. On average, local authorities have experienced five unplanned IT outages in this time – with 10% having experienced as many as 20 lapses.
Every council has a disaster recovery plan in the event of an IT failure or outage. However, our research found that only 15% regularly test their systems (once a month or more). There’s a risk that these councils are using legacy disaster recovery technologies in which regular testing cannot be automated, and its reliability isn’t guaranteed.
With the modernisation of data and the current cyberthreat landscape, a significant number of councils are relying on insufficient data protection solutions and protocols. According to the UK government’s own research, these threats come in the form of cybercriminals, state actors and state-sponsored attacks, terrorist groups, hacktivists and script kiddies.
Given the sensitive data they hold, it’s clear that councils need to align on the best practices around modern data protection to ensure that they can store residents’ data in the safest way possible.
Our top tips
For councils to ensure they’re implementing best practices, we suggest they follow these five steps:
- Plan: Local authorities need a clear modern data protection strategy to ensure that data within their jurisdiction is protected and secured at all times. Failure of data backup and disaster recovery systems can have grave consequences for local authorities, given the sensitive nature of the data in their custody.
- Test: Adopting an automated testing capability that can test after every backup gives councils the confidence they can recover and restore successfully in an outage event.
- Evaluate: IT strategy, data storage and cybersecurity systems must be fit-for-purpose. They must be evaluated frequently to ensure organisations have not developed a vulnerability. As well as looking in, this evaluation and subsequent planning must account for the fact that some attacks will most likely be successful. Annual reviews give organisations the ability to be proactive rather than reactive.
- Train: All employees must receive training on how their organisation stores, protects and secures data, and minimises the risk of ushering in cyber attackers through popular attack methods such as phishing.
- De-risk: Partnering with a third-party vendor that possesses expertise and heritage in modern data protection provides peace of mind and ensures that local authorities follow the best practice possible to keep data safe and secure.
Looking forward
Local councils are aware of their responsibilities for protecting diverse and critical data sets. However, outages, unfortunately, remain common and last longer than the commercial average (as found in the Veeam Data Protection Report 2021). Faced with a potent and evolving threat landscape, local councils would greatly benefit from modern data protection methods.
With this in mind, if councils follow the best practices outlined above, it will allow them to ensure data won’t be lost, fall into the wrong hands and enable them to service their residents in the best way possible.