Home working has made Dundee City Council more open to fraud and hacking, bosses are being warned.
A report on the security risks the local authority faces due to the coronavirus highlights staff working at home and changing departments, as well as rising costs and increased demand on resources.
A risk register, highlighting 21 potential problems, from fraud attempts to poor staff morale, will be presented to the council’s scrutiny committee today (Wednesday).
The register warned there is a serious risk of an “unsustainable drain on resources beyond the immediate [coronavirus] crisis ending”.
In his report, Gregory Colgan, director of corporate services, said: “The Covid-19 pandemic has brought significant challenges across the Scottish public sector as bodies seek to deliver services for individuals, communities and businesses in an extremely difficult time.
“Since the start of the pandemic, the risk of fraud and error has increased as organisations become stretched, and controls and governance are changing.
“These risks are emerging for a range of reasons including public-sector staff working remotely and under extreme pressure, an increase in phishing emails and scams which try to get staff to click on links which allow fraudsters to access public sector systems, government packages to support individuals and businesses being provided quickly, possibly with a lower level of scrutiny and due diligence than has previously been in place.”
The warning has been echoed by Audit Scotland and a national guide to protect councils has been issued.
It said: “Public sector staff are working under extreme pressure as a consequence of the scale and pace of change created by the pandemic and the need to respond rapidly to unfolding events.
“This may mean that some internal controls are suspended or relaxed. For example, the segregation of duties between colleagues for completing tasks and subsequent checks may not be possible due to unforeseen capacity issues or the lack of availability of more senior or experienced staff.
“Staff transfer between departments, for example, to new areas such as those responsible for distributing funding to support people and businesses most affected by Covid-19, may also leave some areas under-staffed.
“Furthermore, inexperienced staff may be working remotely without a full understanding of the required procedures and controls.
“As staff work remotely, there may also be potential security risks such as an increase in cybercrime.”
The guide encourages public services to carry out new risk assessments to take into account changes prompted by coronavirus, reviewing IT security and giving all staff any necessary training.
