If you don’t have a cyber security plan in place, you can’t afford not to.

Local municipalities are under a growing threat from cybercriminals. Now more than ever before, residents need reliable, real-time access to information from public officials. While there is never a convenient time for a cyber-attack to take place, imagine how damaging a data breach would be if it impacted the ongoing COVID-19 response or vaccine rollout? Since 2017, cyber-attacks on local government rose by almost 50%, according to the “State and Local Government Security Report” released by cybersecurity firm BlueVoyant in August 2020. Because of the large amount of highly sensitive personal information that can be accessed including date of birth, social security number, next of kin, and current and previous addresses, (all of which can be used to steal a person’s identity) local and state government data is a prime target for malicious cyber-criminals. If you fall into the pool of local municipalities that are unprepared for an attack since transitioning some (or all) of your employees to telework, read on to save your team and your community from a huge financial and emotional headache.

Following the simple steps below can help you avoid:

• Financial losses from theft of banking information
• Financial losses from disruption of governmental operation
• High costs to rid your network of threats
• Damage to your reputation after telling public their information was compromised

Start with the basics of data safety.

Keeping your community safe requires your own computer systems to be protected. It may feel overwhelming to revise an existing plan, but it is crucial to protect your municipality. For starters, make sure all computers are equipped with antivirus and antispyware software, consider whitelisting programs and automate software updates. Use firewalls and spam filters as an additional line of defense. Keep your Wi-Fi network secure and hidden and create a wireless network for guests. The most secure way to offer visitors Wi-Fi access without allowing access to your municipality’s entire network is to create a subnetwork. Anti-malware solutions that combine signature-based detection and cloud-assisted technologies can also defend your devices against new, sophisticated threats.

Hackers can’t steal what you don’t have.

The more data you collect and store, the higher your cybersecurity liability. Residents are already entrusting you with a lot of highly sensitive, personal information. Don’t collect additional information you don’t need and only store information for as long as you have a legitimate need. It’s a best practice to also store data backups offline, as malicious software like ransomware becomes increasingly problematic for governmental institutions. In many cases, the victim must pay the cybercriminal within a set amount of time or risk losing access forever. And since malware attacks are often deployed by cyber thieves, paying the ransom doesn’t ensure access will be restored. Even when municipalities don’t pay, the costs can be staggering. For instance, the 2019 ransomware attack on Baltimore cost the City more than $18 million in damages and remediation.

Require unique passwords.

You’d be surprised by how many people still use “password” as the one and only defense against hackers. Remember, hackers have access to software that guesses passwords with common dictionary words. Consider implementing two-factor authentication procedures to offer an extra level of protection from hackers who may try to guess passwords. From the top leadership to the newest employee, cybersecurity requires the vigilance of everyone to keep data, residents, and capital safe and secure. Your employees should also have their own individual account/passwords automatically reset every 30 or 60 days.

Frequently, cyber security breaches stem from human error.

These mistakes are easily preventable through training. Your municipality should have cybersecurity procedures in place that clearly outline employee responsibilities as well as reporting procedures for lost or stolen devices that contain sensitive data. The Federal Communications Commission offers a cyberplanner to help organizations create a plan to protect their information. (You can generate a customized plan at the bottom of the page after you create it.) Educate and re-educate employees on current best practices so they understand the implications of a data breach, as well as the magnitudes for violating your security protocols.

Ultimately, the way your municipality prepares for and responds to a potential data breach can make or break your reputation. Protect your reputation and your community’s valuable information by preparing for the worst-case scenario and recruiting teams of experts to assist you. From IT, to PR, to financial preparedness, make sure you have your bases covered, and your team is informed. To consult a trusted RBT advisor, don’t hesitate to contact us today.