An Urgent Need for Email Security in Local Government: Protecting Citizens and Preserving Public Trust

Matt Smith
16 June 2023

In the digital era, local government plays a critical role in delivering essential services to its communities. However, the increasing prevalence of cyber threats poses a significant risk to the security and reputation of councils. It is imperative for senior leadership, including mayors and council members, to recognise the alarming consequences of neglecting email security and the urgent need to implement robust protocols like SPF, DMARC, DKIM, and TLS. This article highlights the potential dangers of inadequate email security in the context of local government and underscores the importance of prioritising these protocols to protect citizens and preserve public trust.

1. Vulnerability to Impersonation Attacks:
Imagine a scenario where a cybercriminal impersonates a local government official, sending fraudulent emails that appear authentic. Without proper email security measures like SPF, DMARC, and DKIM, it becomes challenging to differentiate between genuine and malicious communications. Such impersonation attacks can have severe consequences, including misinformation dissemination, financial fraud, or manipulation of public sentiment. Implementing these protocols establishes a strong defence against email spoofing, preventing the misuse of your government’s trusted identity.

2. Exploitation of Citizen Information:
In the absence of robust email security, cybercriminals can target local government to gain unauthorised access to citizens’ personal information. Consider the aftermath of a successful phishing attack on a local government’s email system, where sensitive citizen data, including national insurance numbers, addresses and financial details, are compromised. This data breach not only exposes citizens to identity theft and financial losses but also erodes public trust in the council’s ability to safeguard their information. Implementing DMARC policies and DKIM signing helps mitigate the risk of phishing attacks, protecting citizens’ sensitive data and preserving their trust in the council.

3. Manipulation of Public Services:
Local authorities provide essential services that communities rely on, such as social care, waste management and emergency response. Now, imagine a scenario where malicious actors intercept and tamper with critical emails between government departments or emergency service providers. Without proper email security measures like DKIM and TLS, attackers could manipulate communication, leading to disrupted services, compromised public safety and potential chaos during emergencies. By ensuring email integrity and encrypting email transmissions with TLS, local governments can safeguard the continuity and reliability of their services, ensuring the well-being of their citizens.

4. Damage to Government Reputation and Public Trust:
The repercussions of email security breaches extend beyond immediate financial and operational consequences. Consider a situation where cybercriminals successfully compromise a local government’s email system and use it to spread false information or launch cyberattacks against other organisations. The resulting damage to the council’s reputation, public perception and trust can be significant and long-lasting. Citizens may question the competence and reliability of their council, affecting community engagement, cooperation, and overall public support. Implementing strong email security protocols helps protect the council’s reputation, ensuring that citizens have confidence in the accuracy and trustworthiness of official communications.

For local government, prioritising email security is not just a technical matter, it is a critical responsibility towards citizens and the preservation of public trust. Without implementing robust protocols like SPF, DMARC, DKIM and TLS, councils remain highly vulnerable to impersonation attacks, data breaches, manipulation of public services and damage to their reputation. It is imperative for senior leadership in local government to recognise the potential consequences of inadequate email security and take swift action to implement and configure these protocols. By doing so, local governments can effectively protect citizens, preserve public trust, and ensure the continued delivery of essential services while mitigating the ever-evolving threats posed by cybercriminals.

The Cyber Technical Advisory Group (CTAG) has been working with councils across the UK for a number of years to help them improve their email security. In general, the picture for local government in the UK is a good one. However, there are still plenty of councils that need to improve and CTAG can help with that.

CTAG run regular free virtual workshops covering a wide variety of topics. One such topic is “Securing your email domain” and this is highly recommended to any council who is struggling with their DMARC & SPF implementation.

To register for any of the CTAG workshops, please visit:

Matt Smith is the CTAG Engagement Lead as well as being the Group Manager for both the London (ISfL) and SE WARPs.