Councils remaining vigilant as the UK braces for cyber attacks from Russia

Guidance from the National Cyber Security Centre (NCSC) – part of Government Communications Headquarters (GCHQ) – states organisations should follow the advice for when the cyber threat is heightened in light of the invasion of Ukraine by Russia.

The NCSC says while it is not aware of any current specific threats to UK organisations, in relation to events in and around Ukraine, "there has been an historical pattern of cyber attacks on Ukraine with international consequences".

Wolverhampton Council says it takes cyber security very seriously and as a result of the situation in Ukraine, the authority’s digital and IT services had stepped up preparations for attacks on public bodies.

A council spokesperson said: “We constantly monitor the changing cyber threat landscape and follow NCSC best practice.

"We have invested in our cyber security to ensure our systems are strong.

"Wolverhampton Council has received NCSC Cyber Essentials Plus accreditation, providing external validation of our work and has recently been awarded a £10,000 grant by the Local Government Association to further invest in cyber security.”

Sandwell Council said cyber security is also "a top priority" for its IT department and the authority.

Ian Parry, cabinet member for finance at Staffordshire County Council, added: “As like many public bodies, the county council continues to follow current guidance from the NCSC to help reduce the risk of cyber attacks.”

Dudley Council confirmed that it has "multi-layered technical defences" in place and a "robust programme of staff cyber awareness".

Councillor Shaun Keasey, the council's cabinet member for digital, customer and commercial services, added: "We are aware of potential cyber threats and are operating at a heightened state of awareness as a result of the ongoing situation.”

The guidelines from the NCSC recommend ensuring desktops, laptops and mobile devices as well as firmware are all patched – meaning updated to remove flaws in operating systems and programs.

Other advice is to ask staff to ensure that their passwords are unique to work systems and are not shared across other, non-business systems, and remove any old or unused accounts.