BHIB Councils Insurance recognise the unprecedented challenges we are all facing during the Coronavirus (COVID-19) pandemic.
We know you might need to share information quickly or adapt the way you work. Most of your council staff will be homeworking during the pandemic and will be required to use devices or communications equipment – therefore you should consider security measures during this period.
ICO (Information Commissioner’s Office) have addressed the top three GDPR compliance challenges identified through the feedback they gathered from the sector last year.
- Own devices – Remote working will increase the amount of personal data held on personal laptops or mobile phones and the use of non-council email addresses by councillors and clerks instead of the council system.
- Data audits – Retaining information ‘just because’ it might be useful in the future doesn’t mean it’s necessary to hold on to it. Councils should cleanse their records by deleting or destroying old data sets that have built up over time. Town and parish councils often don’t have formal handover processes in place whereby the ‘old’ clerk hands over relevant data to the new clerk – and delete or destroy the rest.
- Data sharing – Councils struggle with knowing how to share data appropriately. They worry about potential conflicts between different pieces of legislation, and aren’t sure whether to publish residents’ names in council minutes, or how to redact them.
Here are our tips to help your council and staff to stay secure during this period
As new cases of the Coronavirus continue to be reported daily, cybercriminals have been leveraging the situation to take advantage of those looking for information on the outbreak.
- Use virtual private networks (VPNs) – this ensures that all the data between the remote worker and the office network is encrypted and protected.
- Consider purchasing Cyber Insurance – BHIB Cyber For Councils is our Cyber Insurance offering which aims to protect against a range of cybersecurity threats.
- Ensure your email protection is up-to-date and raise awareness of phishing – stay particularly vigilant for malicious coronavirus-related emails. Reported scams from CFC underwriting include:
- Impersonating airlines and travel companies
- Fake charitable donations
- Fake emails claiming to sell masks and medical supplies
- Impersonating the World Health Organisation
- Use updated versions and latest patches – ensure all devices, operating systems and software applications are up to date.
- Consider web filtering – applying web filtering rules on devices will ensure that users can only access content appropriate for ‘work’.
- Enable use of cloud storage for files and data – don’t leave files and data in the cloud unprotected and accessible by anyone.
- Train your employees on Cybersecurity – our Cyber Risk Management Bundle is a ready-made cyber awareness pack for Councils to reinforce compliance and raise cyber awareness.
- Manage employee privileges – limit the amount of different people who have access to sensitive data, and monitor their activity.
- Establish a cyber incident response plan – make sure this addresses a variety of potential cyber risks and allows for as smooth and efficient a recovery as possible.
- Enforce a cyber risk management policy on staff members – this should include a safe internet use and email policy, BYOD (Bring Your Own Device) policy, mobile working policy and a data breach policy.
Following GDPR (General Data Protection Regulation) standards is crucial in order to ensure effective data protection practices and to avoid hefty fines for non-compliance.
To do this, consider the below guidance:
- Make sure all staff members fully understand what the GDPR is, and the role they play in helping your local council remain compliant
- Review your existing data processing practices and make sure that your local council identifies with one of the six lawful bases for processing
- Depending on your position in local government, you may be subject to a data protection fee. Check with the ICO here to see if this applies to you
- Review the existing data sharing agreements you have in place and ensure they comply with GDPR standards
Social Media risk management
As social media becomes an increasingly popular way for local councils to communicate to residents, it’s important to have policies and processes in place to effectively manage risks.
Guidance to staff with access to council social media accounts should include:
- Importance of being responsible and respectful during all social media interactions. Also ensure your social posts follow any relevant local council HR policies
- Only share content and links on social media that comes from reliable sources, and always provide credit to the original source. If in doubt, don’t post.
- Establish a routine and schedule to your social communications. Try to make sure the content you share is designed to engage your audience e.g. by asking questions and offering feedback to comments
- Be open and honest at all times. Use social media as a platform to be transparent with your community.
Specialist Insurance for Local Councils
We are passionate about delivering tailored insurance solutions for Local Councils.