Raising Staff Awareness – Glasgow City Council

Information security is a priority for Glasgow City Council, and when we heard about Cyber Scotland Week we viewed it as another opportunity to remind staff about the importance of looking after the data of our service users, staff and citizens as they go about their daily business delivering services.  We work extremely hard at Glasgow City Council to instil in our staff the importance of information security, and the activities we are planning for the week will set out to get serious, key messages across via some interactive events laced with a bit of fun.

During the “Week”, Council staff and staff from CGI, the Council’s ICT provider, will aim to increase awareness of Cyber Security threats within our professional and personal lives.  Staff from both organisations will jointly man stands at key Council venues on the 23rd and 26th of April to interact with Council staff and demonstrate some simple tools to check how “Cyber Savvy” staff are and to discuss more general Cyber Security issues.

Cyber Resiliency is not the domain of just the workplace, and we should be just as careful at home and apply similar levels of caution when opening e-mails or connecting on Social Media.  Individuals should be aware of the impact that sharing information or ‘Selectors’, such as their e-mail address, both in a professional and social context, has. If you share your e-mail address when you sign up to a website, you may have no idea how secure that site may be, or how they will share this information.

One of the tools that staff that visit our stand will be shown is “Haveibeenpwned”, which is a free website set up by a Security Researcher (Troy Hunt) where people can input their e-mail address to identify if it has been leaked in a data breach elsewhere on the internet.  Once your address has been leaked, malicious actors can then use this to target you in e-mail Phishing campaigns. Their motive may be to gain access to your PC or Corporate Network, or to direct you to a malicious site to download a virus or malware or, even worse, Ransomware.

In order to help Staff identify what a Phishing e-mail looks like and show them key elements to look out for, CGI will use a free E-mail Phishing test which Council Staff will be encouraged to use.  The test will take staff through a variety of different e-mail types and after each scenario, the user will be told whether the e-mail was legitimate or phishing and what they should look for each time.

We will also be offering staff the chance to take part in some fairground type activities with a cyber theme including a fishing game, guessing the number of cookies in a jar, and a tombola.

There will also be a guest appearance from our resident mannequin “Joe” who pops up in various guises, this time disguised as a cyber man attempting to break through a wall.

 

Gordon Laird, Governance Manager Information, Glasgow City Council

John Bruce, Chief Information Security Officer, CGI

 

Gordon Laird

Gordon Laird, Governance Manager Information, Glasgow City Council

John Bruce, Chief Information Security Officer, CGI