How does remote working impact Local Government?

Local government are still one of the most attacked sectors in the UK, fending off hundreds of attacks every day. Figures show the National Cyber Security Centre dealt with 777 incidents between September 2020 and August 2021, with around 40% aimed at the public sector.

Remote working has increased some of those threats, but it looks as if it will be here to stay in one form or another. According to SAP Concur’s “The Future of Work Within Central Government Research”, nine in 10 (91%) of government decision-makers agree that working from home will be commonplace post-pandemic.


So, what are the risks?

- Data protection – whether its sensitive paperwork bring brought away from secure offices, laptops being left on public transport or a burglar stealing the company laptop, the risk of data breaches increase the more we travel away from set locations and the more distracted we become.

- Use of personal devices to conduct local government work – there are a range of risks in relation to this, from not having devices updated meaning there are known security vulnerabilities, malicious apps could be downloaded, or external storage infected with malware could be used.

- Insecure home networks – default router passwords may allow an attacker on to a home system.

- Communication when a cyber incident does hit – if all your IT systems go down, how do you communicate with staff who are not in the office? Where are your contacts lists?

- Phishing emails – remote workers apparently can be more distracted than office workers, with deliveries, washing, children some of the reasons why attention might be taken away. Phishing emails rely on employees acting before they think so a distracted employee is a prime target.


What should we do?

- Staff awareness training – may sure that employees understand the increased risks involved with remote working and how they can help build the cyber resilience of the organisation. This should include phishing as well as the use of personal devices. The ECRC offers affordable staff awareness training, bespoke to your needs. Contact us for a free no obligation quote.

- Have a clear incident response plan – make sure you have thought about how you would deal with all your IT systems being unavailable including your remote workers, the communication with them and isolation of their devices if required. You can download a free template to get you started with your plan if you haven't considered one before.


- Protect your devices – all devices should be password protected and be capable of being remote wiped should the device be lost or stolen.


Further guidance & support

The Eastern Cyber Resilience Centre is a not-for-profit membership organisation, run by policing, with the aim of increasing cyber resilience of SMEs within the East of England.


You can contact the Cyber Resilience Centre for guidance and support through our e-mail enquiries@ecrcentre.co.uk or use our online booking system to make an appointment with one of our team.


We also provide free guidance on our website and we would always encourage you to sign up for our free core membership. Core members receive regular updates which include the latest guidance, news, and security updates. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England.

Policing led - business focussed






The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.