Mayo County Council defend 'extreme' IT security measures

Mayo County Council receives over three million emails per annum and that 93,000 received monthly could 'be malicious' and bring down its services.

A report on the ICT Department of Mayo County Council and operations in respect of ICT Security was delivered to local councillors after a number had complained that the current email service is cumbersome with emails getting lost in quarantine.

Deiredre Lavelle, Head of Information Systems defended the security procedures around their email service stating that government organisations are a prime target for cyber attacks.

READ: IKEA announces new Mayo site for click and collect

“The cyber threat landscape continues to evolve, with local government organisations increasingly becoming prime targets for malicious actors. As providers of essential public services, local governments face a heightened risk of cyber-attacks that can lead to severe operational, financial, and reputational consequences.

“Breaches can expose personally identifiable information (PII) of residents, including addresses and financial records. Such incidents not only violate data protection regulations but also erode public trust,” she told the February monthly meeting.

The meeting heard that email accounts can serve as a 'gateway' for cyber criminals to infiltrate Mayo County Council's systems and networks with phishing attacks, ransomware, and Malware among the main threats. To try to mitigate this, Ms Lavelle said the council implemented a multi layer security security measures including Multi-factor authentication (MFA), advanced detection and monitoring to identify and respond to these potential breaches.

At the January meeting of Mayo County Council, Cllr Donna Sheridan stated that councillors were not receiving emails from Oireachtas members as it was going into quarantine and going unnoticed.

In response, Ms Lavelle explained that there is no issue with an Oireachtas member emailing directly from their email but if they are using some form of mailing service such as Mailchimp this will activate its detection services due to the higher risk.

Ms Lavelle also explained that when an email is quarantined the recipient can request for it to be released and on average this takes two to three hours to complete.

Cllr Sheridan thanked Ms Lavelle for her presentation but described the system as tiresome and cumbersome.

“Instead of progressing with IT and making it more accessible it has become less accessible and more difficult. It is very reputationally damaging to us if we don't receive emails or the information requesting,” she said.

Cllr Michael Kilcoyne also questioned the number of emails which were being quarantined while Cllr Peter Flynn described the security measures as 'extreme'.

However a number of councillors defended the email system saying that it would be far more expensive if the council was a victim of a cyber attack.

Chief Executive of Mayo County Council, Kevin Kelly said that cyber security is one of the top items the council has to consider and that is why significant measures are in place.

“The focus is on local authorities and public service organisations in terms of these attacks. Following the conversation at the last council meeting and subsequent media coverage I got a number of unsolicited requests from companies to help me sort out the problems with our IT systems.

“The thought occurred to me that there are probably some characters out there wondering if there is a problem in the IT system and is there a gate we can get into. That is the world we live in now,” he said.