It's not just the private sector that has to concern itself with data breaches. There is a laundry list of state and local government entities that have fallen victim to cyber-attacks to the tune of millions of dollars in damages. In 2018, the city government systems in Atlanta suffered a ransomware attack that compromised everything from the wifi at the international airport to years worth of police records and video evidence. As attractive targets for cybercriminals, executives must implement some cyber security best practices for municipalities and their networks and systems.
Why Target Local Governments?
There are several reasons why municipal governments provide such a temptation for bad actors. The wealth of personal information and payment details stored in their systems, lax cybersecurity practices, and an ever-increasing number of internet-connected devices combined to create a perfect storm. Whether the attacker is a criminal in search of profit, a foreign nation, or a terrorist, the damages and resulting fallout can be substantial, and that doesn't begin to consider the total cost of recovery.
Improving Your Cybersecurity Posture
As a government official, there are many cyber security best practices for municipalities that you can put into place. While you can't account for every possible attack vector, these tools can help you mitigate some of the risks you currently face.
The very first step that you should take is a cybersecurity risk assessment. This can be done by in-house IT staff or a vendor, but without an objective analysis of the state of your networks and any gaps in your cybersecurity approach, any prospective changes may have a very limited effect.
One of the more common sources of lost sensitive data for small businesses and local governments is misplaced or stolen devices. Whether we're talking about storage devices like portable hard drives, USB drives, or internet-connected devices such as laptops, cell phones, and tablets, unencrypted data stored within these pieces of equipment is at risk even if the device is password protected. Programs exist that can circumvent the password requirement to copy unencrypted data directly from the device. For this reason, requiring encryption on all city-owned devices is a cyber security best practice for municipalities of all sizes.
Multifactor Authentication and Password Management
Strong passwords and multifactor authentication are absolute necessities for any agency concerned with cybersecurity. Providing a password vault application for use will both enhance security and also aid in ease of use for your staff which will help increase compliance with policies.
Regularly Backup Data
Scheduling regular automated backups of your systems provides an added layer of security that many don't consider until it's too late. Aside from non-malicious sources of corrupted or lost data, ransomware attacks and other malware infections can cripple networks. Having a full system backup scheduled every 24-48 reduces the amount of data lost and effectively negates any reason to consider complying with ransom demands.
Personnel training is easily one of the most important cybersecurity practices we can recommend. The best policies in the world will be wholly ineffective if your staff isn't provided with the information necessary to explain the reasons behind the policy, why it's effective, and what a potential attack may look like. This must be a continuous program that reinforces the behaviors that you want to see.
Proper Disposal of Devices
All of these steps to secure your critical information are for naught if you fail to properly dispose of your devices at the end of their lifecycle. At West Coast Computer Recycler, we provide e-waste recycling services for the Los Angeles and Orange County metro areas. A simple search for e-waste recycling near me can provide you with safe disposal options for your area if you're from further away.