Improved IT security in Plymouth

Council workers will be locked out of systems

Extra levels of security are being brought in to protect Plymouth City Council against cyber attacks.

Staff and councillors are among the biggest risks when it comes to cyber security, a meeting heard this week

Training is being stepped up to “avoid human error” which could pave the way for hackers to get into the system.

Anyone who does not regularly update their technology will be locked out of their computers and have to apply to get in again.

Speaking to the council’s scrutiny management board on Wednesday, Cllr Sue Dann (Lab, Sutton and Mount Gould), cabinet member for human resources, said with much of the council’s work now dependent on using IT, it was necessary for everyone to conduct “due diligence”.

According to national reports more than 25 per cent of UK businesses have been hit by cyber attacks in the last year, including Marks & Spencer and the Co-op, leading to lack of stock and breaches of customer data.

Redcar and Cleveland Council’s IT systems were hacked in 2020 disrupting everything from bin collections to social services and decisions about how to keep vulnerable children safe.

Cllr Dann said the council was experiencing cyber attacks and phishing, where actors attempt to trick individuals into revealing sensitive information, such as passwords, credit card details, or personal data, by disguising themselves as someone trustworthy, “all the time”.

“When I was Lord mayor my account was attacked three times and emails went out to all councillors asking for money,” she said.

She said the council had put in more firewalls, which are computer network security systems that restrict internet traffic into, out of, or within a private network, but expected staff to do all the training and report any suspicious emails or phishing attempts.

“We have the responsibility to do due diligence, so we will be chasing people up to watch training videos.

“They are really useful not only in work life but in your personal life as well.

“We are bringing in an extra level of security for staff, if you do not regularly update your computer after 30 days you will be locked out and have to apply to get you in again… councillors have to do the same.

“We are looking at new ways of working and AI, making sure that we have the right protection. We need to get over to the council how important cyber security is.” 

Councillors heard that half the emails to the council were detected to be a threat or spam and were not delivered.

Cllr Charlotte Holloway (Lab, Drake) asked if the city was getting any additional support from the MOD as its future economy was tied to defence.

She was told that it didn’t get specific support but was signed up to security alerts from the Government, as well as the national security centre if there was any threat.

The council’s IT operations partner did assessments on its exposure to risk and took immediate action if necessary and monitored this to a conclusion.