
6 ways to make your council website more secure

We can’t emphasise enough how important it is to keep your town, parish or community council website safe and secure from hackers. According to Securityweek.com, approximately 18 million websites (that’s 1% of the nearly 2 billion websites online right now) are infected with malware, and the average website is attacked 44 times each day.

1. Use an SSL certificate for your website

An SSL certificate is used to provide a secure connection between the server and the visitor to your website. These are now pretty much mandatory, with Google marking any website that doesn’t have one as ‘unsafe’.

How can you tell if your town, parish or community council website has an SSL certificate?

When you are visiting your site, look at the address bar at the top of the browser. Does the address begin https:// and display a padlock icon just before the address? If it does then you have an SSL certificate installed and working. If your address just begins http:// (without the ‘S’) then you need to get one installed. Just contact your website provider and ask them to install one for you.

2. Use a strong password to log into your website

Make sure that the password you use contains upper and lower case letters, numbers and special characters. It is a good idea to use a different password for each site you use, so that if there is a data breach on one site, the hackers don’t gain access to the other sites you use. This is especially important on any sites where you buy things, such as Amazon or eBay, but also for your website, because websites are a target for hackers wanting to install malware.

3. Make sure you back up your website

This is imperative as if your site gets hacked you will need a backup copy to restore all your files and information. We have had lots of parish councils who have requested a new website and told us that their existing site got hacked and they lost everything. Just like any computer system – make sure you have backups and that they are stored off-site.

A good hosting company will keep regular backups of your site. It’s worth checking with your provider to see if they do this.

4. Keep your software up to date

Providers of Content Management Systems (CMS) software such as WordPress or Joomla and the makers of the software that adds functionality to your town or parish council website constantly provide updated software with added security enhancements, in much the same way as your computer updates its operating system (usually Windows for those on a PC) from time to time.

You should always make sure your website is running the latest versions of all software, which will include patches for any vulnerabilities that are discovered. You should also delete old unused software, as this can still act as a backdoor for hackers, even if it is not in use.

5. Don’t use the default usernames and log in page

When your site is first installed, the installation program usually sets up a default user to be the main site administrator. So for example WordPress uses ‘admin’ as the default name and https://[yoursite]/wp-admin or https://[yoursite]/login to get to the login page. If you use these defaults, hackers already have 2 of the 3 pieces of information needed to log in and hack your site – the third being your password.

If you change these settings from the default, hackers would need to guess 3 pieces of information to hack your site – the username, the password and the login page.

If your site is set up in this way, you can ask your website host to make it more secure.

6. Use a firewall and anti-malware software

Just like on your computer, it is vital that you have security software installed to protect your site. There are lots of security systems available depending on what platform your site is running on. You can ask your website host about the options available.

To get a quote for our hosting service – which includes all the features listed above, you can visit: Get a Quote

Choosing the best website for a town or parish council

When choosing a parish council web provider it is very important that your new site is safe, secure and compliant.

Town and parish council website legal requirements

There are now a host of regulations out there that local council websites must comply with.

The main ones are that your site is:

  • GDPR compliant
  • Transparency code compliant
  • Accessible

Town and Parish council website hosting

When choosing a host for your website there are a number of factors to take into consideration:

  • Security – where to begin on this huge subject… Well it’s imperative nowadays for sites to have an SSL certificate which means that the connection between the visitor and the server is encrypted. You should also make sure you use strong passwords.
  • Backups – it’s imperative to maintain backups of your site content. We’ve heard from so many people whose sites have been hacked and they have lost everything because it wasn’t backed up.
  • Speed – it’s important for your users that your web pages and files load quickly, especially for those living in rural areas with slow internet connections.
  • UK-based hosting – while not imperative, this is desirable. It means that when your visitors click on your site the signal doesn’t need to be bounced to America and back (for example), which helps with site speed. It’s also desirable for GDPR, ensuring that your information is hosted in the UK.

Easy to use websites with help and support

You want a website that is easy to maintain and update.

It’s best if you are able to do this yourself, as this means that you don’t experience delays in getting someone to make changes to your site and can make alterations as and when you need to.

You can’t beat having a friendly voice on the end of the phone or email who will answer any questions you have – so much quicker and easier than poring through help documents or watching endless YouTube videos.

Email accounts explained

With the advent of GDPR, town, community and parish Councillors and the clerk should no longer use personal email accounts for council business.

There are two main types of accounts: free web-based emails such as Hotmail or Gmail, and hosted email accounts where the email address uses your domain name, eg clerk@yourdomain.org.uk.

With hosted accounts there are 2 types: POP and IMAP and the main difference between these is that with IMAP, messages are stored on the server and are accessible from anywhere and with POP accounts messages are downloaded to the user’s computer.

Hosted Accounts

IMAP accounts

Pros

  • Messages are stored on the server
  • You can access your email from any computer or device that is connected to the internet
  • You don’t need to be connected to the internet to view received messages or compose new messages, but you need to be connected to send or receive messages
  • You can use either an internet browser or an email program such as Microsoft Outlook or Thunderbird to access your emails
  • The council has control over all email accounts and can request the removal of an account and deletion of messages if a Councillor or clerk leaves the council
  • Your email address uses your website domain name – giving a more professional appearance

Cons

  • You will need to pay to have the accounts set up and maintained
  • Most companies will charge extra for storage space for the email messages

POP accounts

Pros

  • Messages are downloaded to your computer
  • You need a program such as Microsoft Outlook or Thunderbird to access your emails
  • You don’t need to be connected to the internet to view received messages or compose new messages, but you need to be connected to send or receive
  • The council can request that an account be removed if a Councillor or clerk leaves the council, and that account will no longer work, although messages already downloaded will remain on the user’s computer (see Cons below)
  • Your email address uses your website domain name – giving a more professional appearance

Cons

  • You will need to pay to have the accounts set up and maintained
  • You can only access the messages on the computer that the messages have been downloaded to
  • If you request that an account be removed, messages that have already been downloaded will remain on the user’s computer unless they delete them

Free web-based accounts

Pros

  • You can access your emails from anywhere connected to the internet
  • It’s a free service

Cons

Personal email accounts and GDPR

We often get asked the question: should the clerk or Councillors be using their personal email accounts for council business?

While this wasn’t a problem in the past, the new GDPR regulations mean that it isn’t advisable. There are 2 main reasons for this – under GDPR, people have:

  • The right to access all information that you hold about them
  • The right to be forgotten (ie have all information you hold about them erased)

Fulfilling both of these obligations can be difficult when the clerk or Councillors may have information buried within their personal communications. Also, if the clerk or a Councillor has left the council it will be difficult and time-consuming to retrieve or delete all the information shared as part of council business.

There are 2 ways of solving this problem:

  • Get your Councillors to set up dedicated council email accounts using a free online email such as hotmail. When a Councillor leaves the council, they can simply delete the account and all the content.
  • Set up POP or IMAP accounts for your Councillors. Your web hosting company will be able to do this for you, but there will most likely be a charge.

We will be going into more detail about different types of email accounts later.


Making your website GDPR cookie compliant

What is a cookie

A cookie is a small text file that is downloaded onto ‘terminal equipment’ (eg a computer or smartphone) when the user accesses a website. It allows the website to recognise that user’s device and store some information about the user’s preferences or past actions. Cookies are used by virtually all modern websites.

Cookie consent

Users must be given the option to consent or refuse to accept cookies. Cookies must be deactivated until that consent is given. The exception is for cookies considered Strictly Necessary, such as cookies that are set when a user logs into a site and that are required to ‘remember’ this fact.

The only way to fully comply with the new GDPR restrictions on cookies is to set up a ‘granular’ cookie consent bar. This enables users to refuse certain types of cookie – for example analytics cookies or marketing cookies.
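The gating rule described above, sketched as an added example (not code from this site or its consent package). The cookie names, categories and the `createConsentGate` helper are hypothetical, and an in-memory jar stands in for the browser's cookie store so the block runs under Node.

```javascript
// Added example: category and cookie names are constructed for illustration.
const CATEGORIES = ['necessary', 'analytics', 'marketing'];

// Constructed registry: every cookie the site wants to set, tagged by category.
const COOKIE_REGISTRY = {
  session_id: 'necessary',
  consent_choice: 'necessary',
  visit_stats: 'analytics',
  ad_tracker: 'marketing',
};

function createConsentGate(registry) {
  // Until the visitor chooses, only strictly necessary cookies are allowed.
  const granted = new Set(['necessary']);
  const jar = new Map(); // stands in for the browser cookie store

  return {
    // Record the visitor's per-category choice from the consent bar.
    // A category that is not explicitly accepted is treated as refused.
    setConsent(choices) {
      for (const cat of CATEGORIES) {
        if (cat === 'necessary') continue; // exempt from consent
        if (choices[cat] === true) {
          granted.add(cat);
        } else {
          granted.delete(cat);
          // Withdrawal: remove cookies already set for that category.
          for (const [name] of jar) {
            if (registry[name] === cat) jar.delete(name);
          }
        }
      }
    },
    // Set a cookie only if its category has consent.
    // Cookies missing from the registry are refused outright.
    setCookie(name, value) {
      const cat = registry[name];
      if (!cat || !granted.has(cat)) return false;
      jar.set(name, value);
      return true;
    },
    // Names of the cookies currently stored, sorted for easy comparison.
    cookies() {
      return [...jar.keys()].sort();
    },
  };
}
```

Keeping a registry of every cookie and its category also gives you the list that the cookie policy document has to describe.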

Your cookie policy needs to be up to date.

GDPR demands that a specific document is provided, detailing which cookies are set by your site, and what they do.

Our GDPR-compliant cookie consent package includes three key components:

  • GDPR compliant cookie consent function to allow the visitor to choose which types of cookies are set, in compliance with GDPR regulations.
  • Custom Privacy Policy page including content compliant with GDPR legislation.
  • SSL certificate installed and configured for your site.

Read about our GDPR-compliant packages here

GDPR – creating a compliant Privacy Policy page

We’ve included some of the basics to help you get started. In general, most privacy policy laws require you to inform users of:

  • Your name (or business name), location, and contact information;
  • What information you’re collecting from them (including names, email addresses, IP addresses, and any other information);
  • How you’re collecting their information, and what you’re going to use it for;
  • How you’re keeping their information safe;
  • Whether or not it’s optional for them to share that information, how they can opt-out and the consequences of doing so;
  • Any third-party services you’re using to collect, process, or store that information (such as an email newsletter service, or advertising network).
  • Who is collecting the data?
  • What data is being collected?
  • What is the legal basis for processing the data?
  • Will the data be shared with any third parties?
  • How will the information be used?
  • How long will the data be stored for?
  • What rights does the data subject have?
  • How can the data subject raise a complaint?

Read about our GDPR-compliant packages here

You can read more on the ICO website:

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-be-informed/

GDPR – is your website compliant?

You’ve probably seen and heard lots about the new GDPR legislation which came in a few weeks ago, but might not know exactly what it means you have to do to ensure your website is compliant after 25th May.

1) You need an up-to-date Privacy Policy.

You need to publish your privacy policy. This document must contain information about how your council processes any personally identifiable information, how long it is retained for and why you need to process it.

All our websites come with a page ready for you to add your policy to, linked into the site footer so users can easily find it.

Read more about privacy policies here.

2) Cookies

You might think your site doesn’t set cookies. However, cookies are an essential part of the functioning of all modern websites. For example, any site that you log into to make changes sets cookies to enable you to do this. So virtually all websites set cookies, including yours.

GDPR places new restrictions on cookies, as detailed here: https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/

To clarify this, you are obliged to:

  • tell people the cookies are there
  • explain what the cookies are doing and why; and
  • get the person’s consent to store a cookie on their device
    • consent must be freely given, specific and informed
    • users should be able to disable cookies, and you should make this easy to do

There is an exception if the cookie is ‘strictly necessary’

Read more about making your website GDPR cookie-compliant here.

 

I realise this is a lot to take on. GDPR has resulted in a massive bureaucratic burden. We are here to take control of GDPR compliance for you and reduce any worries you may have.

Read about our GDPR-compliant packages here

Next Transparency Code Deadline: 1 July

Yes, it’s that time of the year again. You need to publish the following information no later than 1 July in the year immediately following the accounting year to which it relates:

  • All items of expenditure above £100
  • End of year accounts
  • Annual governance statement
  • Internal audit report
  • List of councillor or member responsibilities
  • Details of public land and building assets

More details are available on pages 6-9 of this document: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/388541/Transparency_Code_for_Smaller_Authorities.pdf

 

What is a responsive website and why does it matter?

A responsive website is one that adjusts to different screen sizes, whether someone is viewing it on a phone, tablet or desktop pc.

How can you tell if your site is responsive?

Simple: either view it on a mobile phone or, if you are looking at it on your computer, just drag the edge of the browser to make it narrower and watch how the site responds. If you find that the site stays the same but just gets smaller, you are not offering your users a good browsing experience, as it is difficult to read the text. A good design will re-flow – the different elements will rearrange themselves so that the content is easy to read at different screen sizes.

Alternatively, visit Google and enter the URL (web address) of your site: https://search.google.com/test/mobile-friendly

This is important for a number of reasons:

  • Nowadays, more people browse the web using their phone than using a traditional pc.
  • Sites that are not responsive can be hard to read on smaller screens or can result in the user having to scroll sideways to view the full page content.
  • Google prioritises sites that offer a good mobile experience – this means your site will rank higher in search results.

How can we help?

All our sites are designed to be fully responsive as standard. Let us set you up a new modern website.

Request a Quote Now!
