Fears have been raised that Moray Council could be at risk of cyber attacks from Russian hackers.
The local authority has recently renewed its antivirus protection with Kaspersky, a Moscow-based business.
In March Kaspersky antivirus software was considered an unacceptable threat to the USA’s national security, following Russia’s invasion of Ukraine.
It was added to a risk list along with two Chinese companies. American businesses are now banned from buying its products with federal subsidies.
Also in March Germany’s cyber security agency told people to uninstall Kaspersky software as it left them vulnerable to hacking.
Councillor Marc Macrae said he has raised concerns several times with chief executive Roddy Burns over the council’s reliance on Kaspersky for its cyber security.
He is also alarmed the local authority is still buying products from a Russian supplier given the war in Ukraine.
However a council spokesperson said the renewal had been carried out in accordance with UK National Cyber Security Centre (UKNCSC) guidance.
Mr Macrae said: “It strikes me as potentially worrying that Russian computer programmers may have back door access through Russian software applications to hack users.
Cyber threat ‘worrying’
“The council has so much data saved for social care, health care and education.
“We don’t want that to fall into the wrong hands or have that deleted.
“It bothers me that big organisations are complacent about this because these are not new issues.”
Last week the council’s audit and risk manager Dafydd Lewis warned a successful cyber attack on a Scottish council was a matter of when not if.
His comments came after shortcomings in the local authority’s cyber security procedures were highlighted.
Mr Macrae fears the local authority could be subject to a similar attack to one targeting the Scottish Environmental Protection Agency on Christmas Eve 2020.
More than 4,000 documents were made public after the agency refused to pay a ransom to hackers.
The full financial impact of the attack is still unknown.
Mr Macrae said: “We saw what happened to Sepa. They are still recovering from that attack and they’re a much more impressive government quango.
“What hope has Moray Council if it were to suffer a similar fate?
“It just takes one person in the world and we’re scuppered.”
‘Scuppered’
In 2017 the US Department of Home Security banned Kaspersky products from government departments.
The move came after allegations the company was engaging with the Russian Federal Security Service (FSS).
Businesses have a legal obligation to assist the FSS.
There have also been reports confidential documents were stolen from the home computer of a US national security agent via the software by Russian government hackers.
Kaspersky, which has an estimated 400 million users worldwide, denies all the allegations.
A spokesperson for the council said: “Following the conclusion of our existing antivirus software contract we extended it for the minimum period possible to allow us to explore other options.
“This has been carried out in accordance with guidance published from the UK National Cyber Security Centre and with as little risk to the council as possible.
“The transition to new software will also be carried out with as little risk as possible, while ensuring the cyber security of the organisation, which remains our key focus.”
The UKNCSC has not banned the use of the Russian company’s antivirus.
However in 2017 it issued advice that government departments involved with national security should not use Kaspersky or similar products.
Conversation