Several local authorities in the north and north-east remain vulnerable to cyber attacks after failing to fully implement e-mail security measures.
Research has found that fewer than a third of Scottish councils have brought in anti-spoofing technology recommended by the UK National Cyber Security Centre (NCSC).
The “DMARC” (domain-based message authentication, reporting and conformance) system helps authenticate an organisation’s communications as genuine and prevents attackers from sending out “phishing” messages appearing to originate from the council.
The NCSC says that attackers sending fake e-mails purporting to be from a government body is “one of the biggest problems in UK cyber security”.
Last year HMRC – which is the “most spoofed brand” in Britain – blocked more than 300 million malicious or fraudulent e-mails, with the help of DMARC.
But in northern Scotland, only Aberdeenshire and Shetland Islands Council have fully implemented the security measure, with the process remaining incomplete at Aberdeen City Council, Argyll and Bute Council, Highland Council, Moray Council and Western Isles Council, according to the research. The study was carried out by technology company OnDMARC.
Co-founder Randal Pinto said: “The UK Government has deemed DMARC as an essential step in protecting residents of Scotland against phishing attacks, so it’s disappointing to see so many local authorities neglecting to shore up their e-mail defences.
“DMARC was designed by IT industry heavyweights together in a bid to eradicate e-mail fraud, so we need to educate local authorities from Falkirk to the Orkney Islands Council about what it is, how it can better protect citizens and how it can be implemented with minimal cost and disruption to existing local government services.”
Last night, a spokeswoman for Moray Council said: “We already use elements of DMARC and are now working to implement it fully as we put into place the Secure Email Blueprint from the National Cyber Security Centre.
“This will strengthen our already robust approach to cyber security and protect residents and businesses from phishing.”
A Highland Council spokeswoman said: “As part of its ICT transformation programme, Highland Council is currently implementing DMARC as an additional cyber security measure to its existing Public Services Network (PSN) security accreditation to ensure our residents data is securely protected.”
Between April 2016 and December 2016, more than 15million attacks were attempted against Aberdeen City Council.
This included more than 12million spam attacks, and almost 300,000 attempts to infect the local authority’s systems with computer viruses.
This January, Aberdeen City Council’s website was taken down by hackers, who left their names on the web page.
The hackers said they targeted the council in response to President Donald Trump’s travel ban.