Protecting Against Phishing and Cyber Threats
Email security is a critical concern for parish councils, as cybercriminals often target local government organisations with phishing attempts and fraudulent emails. Ensuring that emails are legitimate and safeguarding sensitive information is essential to maintaining council operations securely. Here are key practices to help identify and prevent phishing attacks.
1. Use Official Council Email Addresses
- Avoid using personal email accounts for council business.
- Ensure that all council members and staff use official, domain-based email addresses.
- Regularly update and manage council email account access.
2. Recognise Common Phishing Signs
Although the following will weed out the most obvious phishing attempts, you should be aware that many of these emails now look very official, with official logos and branding. They may appear to come from cPanel, Stackmail or Roundcube, asking you to verify your email or change your password.
- Suspicious Sender: Check for slight misspellings or unofficial domains in email addresses.
- Urgency or Threats: Be wary of emails demanding immediate action, such as urgent payments or security updates.
- Unfamiliar Links or Attachments: Hover over links to verify their destination before clicking.
- Poor Grammar and Formatting: Many phishing emails contain typos, inconsistencies, or generic greetings.
- Requests for Sensitive Information: Legitimate organisations will not ask for passwords, bank details, or personal data via email.
3. Verify Email Authenticity
- Check that the sender really is who they say they are. It is easy to spoof a From name (e.g. From: Roundcube), but when you click on the name to expand the details, it will show you who the actual sender is, which will often not correspond to the ‘From’ details.
- Contact the supposed sender through a known, official phone number or email address before responding.
- Cross-check any suspicious requests with other council members or with your email provider.
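The display-name check described above can also be automated by whoever manages the council mailbox. The following is an added example, not part of the original guidance: it compares the displayed From name with the address behind it and also flags a Reply-To that points elsewhere. The trusted domain and the sample messages are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions: a placeholder domain the council expects mail from, and the
# service names the guidance above lists as commonly impersonated.
TRUSTED_DOMAINS = {"parishcouncil.example"}
IMPERSONATED_NAMES = ("cpanel", "stackmail", "roundcube")


def domain_of(address):
    """Return the lower-cased domain part of an address, or '' if absent."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def sender_warnings(raw_message):
    """Compare the displayed From name with the address actually behind it."""
    msg = message_from_string(raw_message)
    name, address = parseaddr(msg.get("From", ""))
    from_domain = domain_of(address)
    warnings = []

    if not from_domain:
        warnings.append("From header has no usable address")
    elif from_domain not in TRUSTED_DOMAINS:
        # A familiar service name in front of an unexpected domain.
        if any(brand in name.lower() for brand in IMPERSONATED_NAMES):
            warnings.append(f"display name '{name}' but sent from {from_domain}")

    # Replies silently going to another domain is a second common mismatch.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and from_domain and domain_of(reply_to) != from_domain:
        warnings.append(f"Reply-To goes to {domain_of(reply_to)}, not {from_domain}")
    return warnings


# Constructed sample messages (not real mail).
SPOOFED = (
    "From: Roundcube <notice@mail-verify.example>\n"
    "Reply-To: helpdesk@collector.example\n"
    "Subject: Verify your email\n\nPlease verify your password.\n"
)
GENUINE = (
    "From: Parish Clerk <clerk@parishcouncil.example>\n"
    "Subject: Agenda\n\nAgenda attached.\n"
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, sender_warnings(raw))
```

An empty result only means these particular mismatches were not found; the manual checks in this section still apply.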
4. Train Council Members and Staff
- Conduct regular training on email security and phishing awareness.
- Share examples of common scams and phishing attempts.
- Encourage reporting of suspicious emails.
5. Implement Strong Email Security Measures
- Use strong passwords at all times. These should be at least 8 characters long and include uppercase and lowercase letters, numbers and special characters.
- Enable email encryption to protect sensitive communications.
- Regularly update email software and security patches.
6. Have a Response Plan for Phishing Incidents
- If an account is compromised, immediately change passwords.
- Notify affected parties and take steps to mitigate potential damage.
By following these best practices, parish councils can enhance email security, protect sensitive information, and prevent cyber threats from disrupting operations. Staying vigilant and fostering a security-conscious culture within the council will help safeguard against evolving digital risks.