How modern data protection best practices can improve the security of local councils

Traditionally, local councils have not been on the cutting edge of technology and relied on IT legacy infrastructure. The majority of services were still conducted in-person, and those that were online often lacked sophistication.

But the pandemic forced councils to accelerate their digital transformation plans, almost overnight. One of the biggest impacts has been that local councils are now handling and storing more data than ever before. This trend will likely continue, with the benefits including the automation of services, more inclusive access for citizens and ability to offer staff more flexible ways of working. There will be no going back.

With this shift comes a significant security challenge, especially for those councils still running on legacy IT systems. According to the UK government’s own research, these threats come in the form of cyber criminals, state actors and state-sponsored attacks, terrorist groups, hacktivists, and script kiddies.

Of course, councils are not alone. Cyber attacks are on the rise in all industries all over the world, and just recently we saw one of the largest password collections of all time leaked on a popular hacker forum.

It’s now essential for every organisation to embrace Modern Data Protection in order to mitigate the cyber security risks that are now prevalent in an increasingly data-intensive, digital world.

The UK Government must keep an eye on its vulnerable supply chain

Mike Beck, global CISO at Darktrace, discusses how AI can help the UK Government detect supply chain compromises, following the recent Gamarue attack. Read here

The cyber threat landscape

In the face of hybrid working and the current cyber threat landscape, a significant number of councils are relying on insufficient data protection solutions and protocols. There’s been a number of cyber attacks recently on councils, during which private documents might have been stolen and posted publicly online, for example. The pressure councils are under from digital threats is mounting.

Given the sensitive and diverse data councils hold, it’s clear that there is a need to align on the best practices around Modern Data Protection to ensure that residents’ data is stored in the safest way possible. With research from Tessian highlighting that 47% of individuals have fallen for a phishing scam while working from home, this need has become even more prevalent throughout the pandemic as hybrid working has become common.

Currently, the majority of councils aren’t set up in a way which follows them to employ better Modern Data Protection practices. According to the Veeam Freedom of Information report, every council has a disaster recovery plan in the event of an IT failure or outage. However, the research also found that only 15% of councils regularly test their systems (once a month or more). Councils using legacy disaster recovery technologies are at a higher risk because regular testing cannot be automated and reliability isn’t guaranteed.

With many councils embracing remote working as we move out of the national lockdown, the council leaders and IT teams need to focus on ensuring all IT systems continue to be backed up and tested regularly.


To ensure councils are implementing best practices when it comes to protecting against cyber attacks, local authorities need clear Modern Data Protection strategies to ensure that the data within their jurisdiction is protected and secured at all times. Failure of data backup and disaster recovery systems can have grave consequences for local authorities, given the sensitive nature of the data in their custody. As such, planning automated testing to happen periodically is one way to increase the confidence that councils can restore and recover data successfully.

Further to this, the IT strategy, data storage and cyber security systems must be fit-for-purpose. They must be evaluated frequently to ensure organisations have not developed a vulnerability. But as well as looking inwards, this evaluation and subsequent planning must account for the fact that some attacks will most likely be successful. Annual reviews give organisations the ability to be proactive in the wake of an attack.

Lastly, businesses can’t forget about training employees. Employees play a huge part in ensuring data is protected. All employees must receive training on how their organisation stores, protects and secures data, and minimises the risk of ushering in cyber attackers through popular attack methods such as phishing.

How to mitigate the impacts of an IT outage

This article will take a look at how organisations can mitigate the operational effects caused by an IT outage, and prevent them from occurring. Read here

Looking ahead

Councils hold a lot of sensitive data and there’s a high level of responsibility that comes with this. However, when they’re faced with a potent and evolving threat landscape, and the complexities of hybrid working, local councils would greatly benefit from Modern Data Protection. With this in mind, if councils follow the best practices outlined above, it will allow them to ensure data won’t be lost or fall into the wrong hands, as well as enable them to service their residents in the best way possible.

Written by Dan Middleton, vice-president UK&I at Veeam

Editor's Choice

Editor's Choice consists of the best articles written by third parties and selected by our editors. You can contact us at timothy.adler at