Cybercrime — what you need to know
LG Leader June 2019
In modern day society, a large portion of our work and social interactions are now occurring online.
While there are great advantages to ensure constant connectivity online whether by email, or social media, online interactions also present great challenges.
While a current challenge for councils is the use and misuse of IT and social media, an emerging challenge is exposure to cybercrime.
Agencies over the world, in one way or another, are exposing themselves to cybersecurity risks on a daily basis, often without a clear understanding of how. In fact, a 2017 study identified that uninformed or careless employees is one of the most likely causes of a cybersecurity incident, second only to malware, and a UK survey found that UK Councils recorded over 98 million cyber-attacks over the proceeding five years.
Closer to home, the Australian Government estimates that cybercrime costs Australians over $1 billion each year, and councils here are not immune. In 2016 the Brisbane City Council was the target of a cybercrime attack and scammers were able to steal $450,000.00.
This is but one of the reasons why it is imperative that councils have a current IT Policy. A comprehensive IT Policy will govern the manner in which employees and elected members use council systems, networks and the internet, as well as their use of social media. Outdated policies may expose a council to attack and data leaks if appropriate guidance is not provided for in the Policy. A clear and inclusive IT Policy is also in keeping with a councils requirement to adopt good governance practices.
Cybersecurity is no longer simply the exclusive domain of the IT department. An IT Policy intersects across the whole of council, including but not limited to HR, governance, compliance, legal, and management. Having these key areas proactively engaged in shaping such a policy is also critical for effective implementation.
It is also important to ensure that employees understand the provisions set out under the Policy, as well as their role in ensuring it is implemented. There is no doubt that a live and regularly updated IT Policy is a councils first line of defence against cybercrime and other liability risks.