BARNSLEY Council are potentially at ‘high risk’ of a cyber attack which could result in a ‘catastrophic’ loss of systems and finances, a report has revealed.
At this week’s audit and governance meeting, councillors discussed the local authority’s strategic risk register - which highlights areas bosses need to monitor.
The threat of fraud or a cyber attack against Barnsley Council has been ranked as a potential ‘high risk’.
The report states: “There is a need to recognise the increasing and constant threat of fraud against the council.
“This threat also includes the possibility of a cyber enabled fraud attack being perpetrated against the council, which could result in a catastrophic loss of systems as well as a financial loss.
“Local authorities and the public sector generally are under a constant and increasing threat from fraud attempts externally by individuals and organised crime groups, whether that is via a direct cyber attack or impersonation in some way.”
In 2021, callous organised criminals targeted Barnsley Council and swindled the local authority out of almost £1.4m before a probe led by an anti-fraud team managed to recover taxpayers’ cash.
The Chronicle understands cyber criminals took advantage of employees working from home and hacked their way into the council’s coffers before the scam was uncovered.
It’s not the first time council bosses have found themselves victims, after fraudsters duped them out of £25,000 by submitting a fake application for a coronavirus grant.
The local authority had prevented five attempts to swindle cash in 2020 following the first lockdown spell in March - totalling £110,000 - but was the victim of one claim.
Barnsley Council bosses have confirmed that they have tightened up their own processes and have worked with banks to see how they can help protect the local authority going forward.
The report has also revealed that there is a threat of ‘internal fraud’ - not just external cyber attacks on the council’s systems.
“We also need to be aware of potential internal fraud (corruption/theft) where the risk of this is perhaps changing as individuals come under personal financial pressure and an opportunity is seen because of changes in the control arrangements,” it added.
“It is management’s responsibility to ensure they and their staff are aware of fraud risks, to spot a cyber based attack and highlight where any concerns exist either in relation to vulnerabilities or indeed if a fraud is suspected.
“IT services will need to provide timely and relevant training and awareness in relation to cyber threats as well as maintaining the necessary technical security measures.”
The council has created a seven-point action plan in a bid to protect themselves from such attacks - two of which have been completed, whilst a further two are progressing well and the remaining three are classed as ‘amber’.
Bosses have created a cyber recovery plan which was tested as part of an exercise in December.
A meeting will take place next month to review the plan, based on feedback from the exercise, and then further desktop internal testing within the IT services at the council will be undertaken to test the updated plans.