Cybersecurity is at the forefront of many local government leaders’ minds now more than ever, and for good reason. Recent research conducted by Sophos found that cybersecurity threats, ransomware in particular, spiked last year, with an astounding 60% of organizations falling prey to an attack. This is a stark increase from 2020, when the figure was around 33%.
Even more interesting is the fact that almost 75% of these state and local government organizations had their data encrypted during the attack.
Unfortunately, the hard truth is that many municipalities lack the resources to equip themselves with the staff, training, education, and technology they need to remain vigilantly protected against the myriad threats out there.
The 10 Best Practices – Cybersecurity for Local Governments
With a little preparation, due diligence, and creative thinking, local governments can provide themselves with a strong cybersecurity foundation. The following is a list of the 10 best practices for local governments when considering cybersecurity.
1. Evaluate your organization
One of the first steps you’ll need to take when beginning your journey towards greater cybersecurity resilience is evaluating your organization.
Doing so can provide you with valuable information on the various gaps that need to be addressed. An evaluation can also provide you with an essential baseline to measure against in the future to ensure that your efforts are making progress.
Fortunately, local governments don’t have to rely on pricey vendors in order to conduct assessments.
There are a number of free resources that can help identify gaps and deficiencies that need improvement.
For instance, the Department of Homeland Security offers a voluntary, web-based Infrastructure Survey Tool that organizations can use to assess their overall security and resilience. Their Cyber Resilience Review assessment is another resource that can be used and is conducted free of charge.
Those looking for a more immediate solution can tap into the Cybersecurity and Infrastructure Security Agency’s Cyber Security Evaluation Tool (CSET). This nifty little resource is an easily downloadable desktop application that can help organizations evaluate and analyze their resilience.
2. Start with the basics
Even the simplest of tactics can provide you with a much-needed additional layer of defense against threats.
Are you updating your software on a regular basis?
The best approach is to configure updates so that they are automated.
You’ll also want to make sure that all important files and documents (both digital and physical), especially those containing sensitive information, are backed up in a secure manner.
When it comes to physical devices, make sure that everything from laptops to cell phones and tablets is password protected and always stored in a safe and secure manner when not in use.
Data encryption and multi-factor authentication are also standard methods of security which should be leveraged.
3. Train your workforce
According to a 2019 report conducted by the Ponemon Institute, 24% of all data breaches are the result of human error.
There’s no getting around the human factor. Ultimately, an organization’s cybersecurity resilience is only as strong as its employees are educated and trained.
As a result, it’s essential to take steps to ensure that your staff has the skills and knowledge necessary to not only mitigate risk, but also identify potential threats and respond to them in an effective and timely manner.
4. Build a culture of security
It’s one thing to train your staff on a periodic basis, and it’s another thing to foster a culture of security.
It’s essential that steps are taken to emphasize the importance of security and that everyone is aware of their own individual role in fighting against threats.
The last thing any organization wants is for cybersecurity to just be one more box their workforce has to tick off of their list of things to do.
Implementing true cultural transformation requires everyone at every level of the organization, especially leadership, to embrace change in a positive direction.
5. Leverage the NIST
Perhaps some of the most crucial federal resources that a local government can tap into are those available from the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST).
NIST is chock-full of valuable information that can be used to evaluate, develop, and improve one’s management of cybersecurity risk.
The NIST Cybersecurity Framework, for example, provides organizations with a guide based on five pillars:
- Identifying risks
- Protecting against risk
- Detecting risk
- Responding to risk
- Recovering from risk
It also provides users with an online learning module, examples of framework profiles, frequently asked questions and additional resources such as events, presentations and podcasts – all for free.
6. Get insured
Probably one of the most promising options for local governments looking to stay a step ahead of cybersecurity threats is cyber liability insurance.
Much like many forms of insurance, this can provide local governments with a policy that can help protect them from various expenses which might be incurred in the event of a data breach.
Cyber liability policies tend to be broken down into four basic categories for coverage:
- Privacy liability
- Network security
- Business network interruption
- Errors and omissions
This is a great option which can help augment efforts already in place and provide municipal leaders with peace of mind.
7. Build partnerships
Building partnerships with external organizations is another great way to help alleviate the financial burden often associated with enhancing one’s cybersecurity infrastructure and resilience.
We’ve already touched upon the various resources available from the federal government; however, there are many other avenues that can be explored as well.
For one, local governments can leverage assistance at the state level by looking into their own state’s opportunities or using a resource such as the National Governors Association.
Partnership with local universities can also prove fruitful not just in terms of accessing assistance and building/strengthening community relationships, but also in terms of cultivating promising, young talent.
Local governments can also reach out to various local nonprofits who are eager to develop relationships and could also mutually benefit from partnerships.
8. Create a plan of action
At the end of the day, every local government needs a documented plan of action and a defined set of policies, procedures, and processes.
Whether you have a dedicated department which can lead this, or you pool efforts through a working group, creating a plan is essential to ensuring you and your staff are all aligned on the course of action to take in the event of a security breach.
Fortunately, there are numerous resources and guides available to assist with the task.
Agencies such as the Federal Trade Commission, NIST, the Department of Homeland Security, and the Small Business Administration all have resources to help organizations in their efforts to develop documented strategies.
9. Stay up to date on the landscape
It’s important to remember that cybersecurity resilience is an iterative process.
Technology is a constantly evolving landscape, and as a result, bad actors continue to become savvier in their strategies and efforts.
What was classified as the epitome of cybersecurity resilience a decade ago pales in comparison to best practices now.
Likewise, what is on trend now will become out of date within the next five years.
The only way to truly remain resilient is by staying on top of the latest developments, trends, and best practices. Consistent monitoring and evaluation of your policies and protocols is essential.
Furthermore, it’s important to invest in training and education on a continuous basis so that you and your staff remain up to date on the latest risks and best practices for mitigating them.
10. Outsource cybersecurity needs
Sometimes, at the end of the day, you may find that your best option is to simply outsource your cybersecurity needs.
While it is natural for local governments to be a bit wary when it comes to contracting with external vendors, the truth is that many of them already do – either fully, or at least partially.
In fact, a 2020 survey on the state of cybersecurity of municipalities in the United States found that 50.9% of local governments outsourced at least some part of their cybersecurity functions.
The main reason for this was that the local governments lacked staff with specialized skills who could properly manage the lift.
Boosting cybersecurity resilience can seem like a daunting task.
Many municipalities find themselves strapped for resources and struggle to acquire the funds necessary to improve their infrastructure and capabilities.
Fortunately, there are numerous options available to local governments which can help them in their efforts to increase their cybersecurity resilience.
By staying proactive, educated, and resourceful, local governments can take steps to improve their processes and ensure that they establish a solid foundation for protection against threats.