Cyber Security: The Next Step in Municipal Preparedness

Technology is everywhere, even in government. Going with digital municipal offices is a real boon for towns and cities. Applications and hardware help connect governments with their people, allowing for more accessibility, visibility, and communication.

While technology is a complete upside for governments, it also creates an opportunity for bad actors. As technology gets more and more ingrained in operations, governments need stronger defense and a resilient tech stack.

Knowledge is Power: Training for Cyber Security

As municipalities start incorporating technology into their operations, they must have proper knowledge and training.

Municipalities oversee tax collection, investments, maintenance of free cash, bill payments, regulatory reporting, and the electronic transfer of funds. All of these functions, and more, contribute to making them a prime target for bad actors.

Governments should train stakeholders on social engineering and how to recognize phishing and other scam attempts. Phishing attacks primarily take form in emails or malicious websites with the goal of stealing personal information, like account usernames and passwords. When the COVID-19 pandemic first began, remote working made governments and municipalities much more vulnerable, creating a seemingly easy target for bad actors.

Cyber attacks can have a massive impact on the organization. First, attacks disrupt the flow of the operations and allow bad actors to put their hands on funds, either directly or through ransom. Training is the first step in stopping these attacks. Often, this training can be the only barrier needed. Social engineering, relative to other attacking methods, is simple and requires less technical know-how.

If an attack does progress, your organization has to be quick on its feet and keep a level head. Run exercises and drills that allow stakeholders to see how an attack plays out, what their role is, and how to properly conduct themselves in the course of a response. Having the right training will help your organization respond faster, which will help lower the risk of the damages.

Sqeaky Clean: Practicing Good Cyber Hygiene

Local governments have a limited budget and may have to use technology that’s a bit behind other industries. Unfortunately, this increases the vulnerability of local governments. While increasing budgets is a battle best left to politics, understanding that this vulnerability exists gives local governments a slight edge back.

Training is a piece of that edge, but we’ve already discussed it. So another tool local governments can deploy is good data and cyber hygiene.

Attackers may opt to ransom an organization if they can’t gain direct access to funds and accounts. Data and processes then become targets for the actors. Locking a government out from assets and essential processes seems like a surefire for an attacker to get what they came looking for.

Data backups and alternate processes are a clever work around to this malicious strategy. While an actor having potentially sensitive information is still bad, a backup takes at least some of the power away from the attacker. The same goes for secure process alternates.

Ideally, your organization’s response is contained in a plan, one that immediately points to the locations of backups and how to spin up alternate processes.

Separately, your government should keep a close eye on its accounts and access. Compile a list of what accounts your organization holds and who has access to those respective accounts. Securely store and maintain that list and its information, as it may come in handy during a response or during the impending investigation. Bad actors, while rarely, can come from within.

Proper cyber hygiene ensures that data and networks are handled safely and helps create a layer of protection against hackers. Cyber hygiene should be a daily routine, much like personal hygiene, with checkups to make sure the health is well. Neglecting this routine could make your organization’s overall security posture suffer.

Preparedness for Cyber Security

Before all else, figure out what your municipality already has and what the gaps in your system may be. Acknowledging this early on will help when creating an effective strategy on how to handle any incidents that may occur. A number of tools and resources can help identify data and technical infrastructure that should go into your organization’s cyber incident response planning.

It’s important to secure your technology by implementing security best practices like regular backups, system updates, firewall maintenance, and annual vulnerability assessments. These habits will make your organization's tech stack more safe and dependable.