€4.2 million budget as local authority in Mayo protects IT systems
MAYO County Council's budget for IT for 2025 is €4.2 million.
Receiving more than three million emails each year, the local authority faces significant cyber security threats each day.
Elected members were updated on the IT section's work after they voiced frustration about emails being quarantined. They then have to seek for them to be released.
The publicity around that debate last month saw a number of unsolicited requests from companies looking to 'sort out' their IT problems, chief executive Kevin Kelly revealed.
It was probably people wondering was there an issue and is there a gate they can get into, he remarked.
In a report, IT head Deirdre Lavelle said they manage IT resources for 1,200 licensed users, 1,500 laptops and desktops, and 1,000 mobile phones and tablets deployed across the county in area offices, libraries, fire stations, and other council facilities, as well as for councillors.
Multi-layered security measures are implemented, with key concerns being phishing attacks, ransomware and malware and advanced persistent threats (APTs).
The total number of emails received on a monthly basis is 256,000, with 289 requested for release. Of those, 284 are released.
On an average monthly basis councillors request six emails to be released.
Of the 256,000 emails received each month approximately 93,000 could be malicious and bring down services, the report added.
All emails are scanned for malicious content and it an email contains something suspicious it is quarantined. The recipient can request its release.
When using a newsletter or mailing service external to Mayo County Council, the chance that an email will be detected as spam/marketing is increased.
Where a standard genuine email address is blocked it can be successfully unblocked for future correspondence.
The approach is to take all reasonable and necessary precautions having due regard to the impact on business to minimise the possibility of a successful attack and to minimise the impact of such an attack in order to ensure that Mayo County Council’s reputation and systems are not compromised.
Councillor Donna Sheridan said she had raised the quarantine issue out of frustration, saying it was reputationally damaging if they can't get emails and information. If they ask for emails to be white-listed they should be.
She no longer includes her council email on advertisements as she can't be guaranteed she will get emails. It was about not having confidence in the system.
Councillor Michael Kilcoyne said where an email is released today, one from the same sender tomorrow ends up in spam. Even though white-listed they continue to be spam.
Councillor Damien Ryan made the point that we live in an era of cyber threats. That comes with inconvenience but it was important all systems are protected.
Other councillors raised communications issues relating to the council phone system. If they miss a call, unless a message is left there's no way of knowing who called, only that it came from within the council.