Date published: 17 February 2021
Auditors said they had a "substantial level of confidence" in West Lindsey District Council's processes
Auditors carried out a high level review in to the cyber security and said they have a ‘substantial level of confidence’ in West Lindsey District Council’s processes.
Assurance Lincolnshire awarded the assurance opinion following an internal audit into the review of ICT Cyber Security (joint review across West Lindsey and North Kesteven)
ICT and Cyber Security is managed jointly between West Lindsey District Council and North Kesteven District Council as parted of a shared service provision.
In undertaking the review, auditors considered the 12 key areas highlighted by the National Cyber Security Centre (NCSC) and National Audit Office (NAO) as being relevant to Cyber Security. They completed a high level review of each one.
Overall, they found that the arrangements for managing Cyber Security risk are good, particularly at an operational level.
The news has been welcomed by the Council as the audit was carried out at a time when a high level of staff are working remotely at home, as a result of the Coronavirus pandemic.
Cllr John McNeill, Chairman of the Governance and Audit Committee at the Council has welcomed the news.
He said: “Cyber-attacks are attempts by hackers to damage or destroy a computer network or system and they are becoming more and more frequent. The COVID-19 pandemic – has led to a lot of cyber-attacks in our community, using fake mobile phone messages that redirect people to fake websites to collect personal information which makes it important that we continue to stay alert and take action to stay safe on line.
“As a Council we use the internet all the time, with over one million requests each day resulting in around ten thousand security blocks. We use active cyber defence to secure our colleagues and our information.
“Our joint ICT shared team were involved in four weeks of technical and procedural testing but they were able to provide a response to every question and showed a leading understanding of the area. I would like to thank them all for their hard work and for having robust operational procedures in place to keep our Council’s and our data safe.”
The report made two high priority recommendations relating to Risk management and disaster recovery:
- Risk Management processes could be improved by considering a single coordinated approach across both councils
- Identified the need for a full Disaster Recovery plan for both councils
The recommendations related to matters of governance and improving the joined up approach between the ICT service for both councils, which will help reduce the risks around cyber security and other benefits.
Did you know?
- We check over two million websites a day by scanning them before colleagues connect or our systems connect
- We block millions of emails which is more than 70% of incoming emails
- Use 3 backups in different locations – we save a copy of the data on the servers and we test our ability to recover every week
- We actively promote all staff stay alert and are careful with unknown sources of information and to report suspicious activity