How Bolton and Wigan teamed up to tackle their cybersecurity challenges
Technology chief Dave Pearce explains how the two local authorities are working together to share data, technology, and services
The digital landscape, austerity, and the way in which we interact with our citizens is changing rapidly. At the same time, it is becoming increasingly difficult for organisations to spot they have been breached. Frighteningly, statistics tell us that the average hacker could be inside an IT environment for more than 200 days before being noticed. It isn’t difficult to imagine the enormity of information that could be stolen over the course of these months, highlighting the importance of protecting the data of our citizens by making sound and appropriate investments.
Bolton and Wigan Council Partnership has taken the opportunity brought about by the challenges to our budgets as a consequence of austerity, to have a fresh look at the way we approach both changes to the digital landscape and our cybersecurity responses to the changing threat landscape. Behind every challenge is an opportunity: we have been compelled to innovate deeper.
We have been looking at our old ways of working and reimagining them. Our services are no longer delivered in a silo-based way, and we have begun a journey of bringing together agencies in a bid to work with our citizens more cohesively. We now share data safely rather than completely locking it down, as that would force each agency to work within their own silo, repeating assessments and often asking the same question multiple times.
- Tenacity and navel-gazing: Wigan’s road to digital success
- Bolton NHS Trust kicks off £30m electronic patient records project
- Manchester gets behind digital skills with £4m boost
This new approach has obviously required changes to the fundamental building blocks of ICT. We have recognised the need to take a risk-based approach to this digital transformation, and have used a range of methods to ensure projects are delivered in the most appropriate way.
Implementing a cultural change
Local authorities are responsible for providing of a range of services to the residents and businesses they serve. Some of these services require us to gather information – some of which is sensitive – from our citizens. We have a huge responsibility and duty of care to ensure this data is protected and that our residents have confidence in the way that this data will be protected.
In this increasingly digital world, one of the biggest hurdles we all face with the protection of data is not only tech, but also culture of our workforce. People have been used to taking ownership and understanding their obligations when it comes to paper assets, but taking the same responsibilities for our digital data assets has required a shift in mindset. When Bolton and Wigan joined together for the delivery of their ICT services in 2013, we amassed 8,000 computer users. That is 8,000 members of staff whose culture we began to change, rethinking methods of working, ensuring data security is at the heart. Part of changing culture has included encouraging staff to apply the appropriate security measure to the different data assets we hold, along with considering how we share it, with whom we share it, and for how long we retain it.
We are working in an exciting time in terms of how agencies, blue-light services and councils work collaboratively. At the same time, we must use our judgement, apply appropriate measures to ensure that citizens’ data is safe, and making training a priority.
Moving with the times
The digital world which we now inhabit has changed what citizens need from us, and indeed expect, when engaging with their local authority. They want to interact with us digitally, providing information only once – minimum input, maximum result; a one-click approach. This change in expectation is not something we should shy away from.
I am pleased that we have turned our challenge on its head. We have shifted the focus away from silo working, responded to the digital habits of the citizens, and evolved the skills of our workforce; if there’s anything a local authority must do to protect the data of its citizens, it is that.
Cybersecurity isn’t just the IT department’s responsibility. It is incumbent upon us all to take responsibility for the data we store, the practices we follow, and how we share the information we hold – we all have a role to play in protecting the data of our citizens.
Newham Council worker sent email with info including names and address
NCSC chief executive says that, while the creation of new international standards is not imminent, the UK would not rule out assisting their creation in the longer term
Representatives of UK, US, Canada, Australia, and New Zealand present a united front to face down cyberthreats
National Cyber Security Centre research reveals the most commonly breached passwords