How to avoid security incidents, including data breaches

Do your part, be data smart!

A security incident is any event that compromises the security of our systems, information, or buildings, such as a lost device, a cyberattack, or unauthorised access to a restricted area.

A data breach is a type of security incident defined as 'a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed'.

 

Think before you click

Cyber criminals are becoming more sophisticated, so it’s important to stay alert and think before you click. Be cautious of suspicious emails, links, attachments, or phone calls.

Always check who a message is really from, look out for unusual wording or requests, and if something doesn’t feel right, don’t click or reply.

To help protect Council information, make sure your devices are secure and up to date. Whenever possible, use Council IT equipment, as it has built-in protections to help reduce the risk of cyber attacks.

Threats like malware, ransomware, and spyware can steal, lock, or damage data if given the chance. Staying vigilant helps protect not only your information but also the Council’s systems and the people we serve.

Learn how to be cyber secure with Cyber Security Syd

 

Before you share, be aware

When handling personal or sensitive information, always take a moment to stop and check before you share. A few small steps can make a big difference in protecting data and avoiding a breach.

Before sending any document externally:

  • Remove or obscure sensitive information before sharing documents externally.
  • Only share information through secure sources.
  • Only share the minimum necessary data and ensure the receiving party is the correct party.
  • Use Information Sharing Protocols (ISPs) or follow the WASPI framework when sharing personal information with other organisations.
  • Consider whether a risk assessment is needed before sharing data, particularly when working with new partners or large volumes of personal information. You can use the Data Privacy Impact Assessment Template.

See below for guidance on redaction and hidden documents.

 

 Building security

Data protection starts at the door

Keeping our buildings secure is everyone’s responsibility. Simple actions like these help protect both people and information:

  • Always wear your Council lanyard so colleagues and visitors can easily identify you.
  • Take a moment to notice who is around you. Do you recognise the person you just walked past?
  • Make sure windows and doors are closed and locked when leaving rooms or offices, especially after hours.

 

 Share with care

Share information with care

The Council has lots of information that is confidential or sensitive. When sharing or storing work-related information, always use Council email and approved systems. Avoid using personal messaging apps, such as WhatsApp, for Council business. Please see the guidance below on using WhatsApp, and note that its use is strongly discouraged.

Remember, even messages sent through personal apps or emails can still count as Council business and may need to be recovered and recorded if requested.

Be cautious when using Automated Decision Making (ADM), Profiling, or Artificial Intelligence (AI) for work purposes, and always follow Council guidance to ensure data is handled safely.

Here is some guidance for you to consider:

If in doubt, email the Information Governance Team or IT via halo.