Cyber security

In a world of electronic information, the protection of our data is becoming ever more important. We exist in a culture powered by interconnecting data, constantly evolving and allowing us to make better decisions.

This makes it even more critical for us to put in controls around how we use, store and process our data and for us to follow the guidance from the experts and to ensure that our systems are appropriately hardened and locked down to keep the attackers out and our systems continuously working well.

Cyber incidents are on the rise, especially within public sector. We know that the ramifications are serious and widespread, from personal to economic. Protection and remediation are service disrupting and of significant financial expense. The impact on people affected by their stolen information can be disturbing and life altering in some cases.

The Cyber Security strategy outlines the focus we shall be adopting for our councils and residents. It is imperative that we put the right controls in place to protect and react to cyber threats going forward. We have a strong relationship with National Cyber Security Centre and other private cyber agencies which we will harness to help us to protect the data of our residents.

We want to continue to use the benefits of technology to improve the lives of local people. This strategy will safeguard us all. It will build confidence in the way we operate and deliver our services and keep us at the forefront of the digital revolution.

What we will deliver

The Southwark Council’s cyber security initiative encompasses several key projects designed to enhance the organisation’s resilience against cyber threats.

Working with our Shared Technology Service Partner and professional third-party subject matter experts we will deliver the following:

Security awareness training programme

Further development of a cyber security training programme for staff to educate them on best practices, recognising phishing attempts, and understanding their role in maintaining a secure digital environment.

Endpoint protection enhancement

To strengthen endpoint security measures by deploying advanced antivirus solutions, intrusion detection systems, and endpoint detection and response (EDR) tools to safeguard individual devices and endpoints.

Network security upgrades

Upgrade and fortify the council’s network infrastructure with robust firewalls, intrusion prevention systems, and regular security audits to identify and address vulnerabilities in the network architecture.

Incident response and management

Developing and refining an incident response plan to effectively and promptly address any cybersecurity incidents, including a designated response team, communication protocols, and continuous improvement based on lessons learned.

Regular vulnerability assessments

Conducting routine vulnerability assessments and penetration testing to proactively identify and remediate potential weaknesses in the council’s IT infrastructure.

Data encryption measures

Implementing robust encryption protocols for sensitive data both in transit and at rest, ensuring that confidential information is secure.

Supply chain security 

Strengthening cyber security measures throughout the supply chain by working closely with third-party vendors and contractors to ensure that their systems meet the council’s security standards.

Security governance and compliance

Establishing a comprehensive cyber security governance framework to ensure compliance with relevant regulations and standards while continuously monitoring and adapting to emerging cyber security threats.

Cyber security awareness campaigns

Conducting ongoing awareness campaigns to keep staff informed about the latest cyber security threats, promoting a culture of vigilance, and encouraging reporting of any suspicious activities.

Next: the power of partnerships

Page last updated: 08 May 2024