Security challenges are evolving rapidly, and local authorities face unique risks when it comes to cyber-attacks. Residents’ personal identity data, users’ bank details, employees’ health records, etc. Local authorities hold sensitive information, which must be protected. Let’s take a closer look at the threats these entities face and see how they can protect themselves against these increasing vulnerabilities.
The 4 cyber risk factors challenging local authorities
1. A double hierarchy: elected representatives and civil servants
In local authorities, elected representatives and civil servants work together, using shared tools. This raises the issue of managing access rights: the complexity of the double hierarchy, comprising both elected representatives and civil servants, creates specific challenges. These must be administered with regard for the level of responsibility within the local authority and/or the aspects that concern each user.
As employees, local authority staff often receive training in good data security practices. As for elected representatives, their IT experience and habits can vary hugely, and some may even be unaware of certain security constraints. Managing these disparities in a balanced way is vital to maintaining IT security within the local authority.
2. Shadow IT
Shadow IT is the use of software, applications, systems or devices that are ‘invisible’ to the IT department. Shadow IT is particularly prevalent in the public sector, with almost 49% of public sector employees using unauthorised software or cloud tools for work*.
This represents a major risk: staff can have a tendency to bypass the IS or IT department, installing their own tools, which can create security issues. The unauthorised software is then beyond the control of the IT department and can therefore be dangerous: file transfers on questionable platforms, sharing Excel files that contain sensitive, critical and/or confidential data, etc. The lack of control can compromise data.
3. Connectivity of old equipment
The presence of old, out-of-date equipment is also a cyber hazard. These obsolete systems no longer receive security updates or support, making them even more vulnerable. They may have compatibility issues with current cyber standards and, in the worst-case scenario, become entry points for malware, jeopardising network integrity and data security.
4. Multiple sites
The geographical fragmentation of local authorities means that security policies may also be fragmented. Each site can potentially adopt its own security rules. In some cases, variations from one entity to another can create vulnerabilities.
The multiplication of systems and infrastructures can prevent the IT Department from being able to see the IS as a whole. This makes it more difficult to keep track of equipment and ensure compliance with legal and regulatory requirements.
An ITSM tool to guard against risks
An ITSM tool provides a cross-functional response for everyone involved in IT management. Its unified platform and features enable multi-site and multi-user management. The solution provides an effective response to the challenges faced by local authorities:
- Individual user access rights
ITSM enables access rights to be managed according to the functions, roles and organisational level of each user. This simplified approach ensures that both staff and elected representatives only have access to the information that directly concerns them. By establishing a clear access hierarchy, the tool helps to reinforce data confidentiality and guard against unauthorised access.
- Preventing shadow IT
The ITSM solution provides a single space where users can find all the tools required for IT Service Management, such as the CMDB (Configuration Management Database), Ticketing, HelpDesk, the user portal if applicable, etc. Providing employees with a complete solution removes the need to resort to third-party and potentially dangerous tools.
- IT asset management
ITSM obviously plays a central role in IT asset management, in particular through the proactive identification of ageing equipment that is a potential source of security breaches. By managing software contracts, planning updates and detecting hardware obsolescence, the tool helps to minimise vulnerabilities by ensuring the security and compliance of IT assets.
- Remote site monitoring
To meet the challenges posed by multiple sites within authorities, ITSM, and more specifically the CMDB, offers optimum tracking of assets and people. This includes equipment location, details of the components that appear in tickets (interdependencies, timescales, related contracts, etc.), as well as management of the owners of each piece of equipment. This comprehensive approach ensures effective coordination between geographically separate entities.
An ITSM tool such as iTop is equipped to meet the cybersecurity issues faced by local authorities, even the most challenging ones!
- The CMDB provides full visibility of component dependencies: in the event of an attack, it is easy to identify which devices might be infected if it spreads.
- Centralised security incident management ensures optimum responsiveness in the event of a threat.
To find out more about IT asset management and remote IS monitoring