This article is posted with permission from VC3's blog and shares non-technical, municipal-relevant insights about critical technology issues, focusing on how technology reduces costs, helps better serve citizens, and lessens cybersecurity risks. VC3 is solely responsible for the article’s content.
There’s an old quote—“the cavalry isn’t coming”—that means waiting around for help just isn’t going to happen. It’s a good quote to help us face reality and solve our own problems when they are within our means to solve.
Over the past few years, we’ve seen a concerning trend. Many local governments appear to think the cavalry is coming. It may be in the form of hoping for federal or state government aid—such as the upcoming American Rescue Plan—and thinking money alone will solve cybersecurity problems. It may be in the form of depending on federal and state agencies to figure out and fix cybersecurity problems for local governments. It may be in the form of relying on the FBI and law enforcement to handle the worst consequences of a cybersecurity attack on your municipality.
When small municipalities claim not to have the resources necessary to implement cybersecurity best practices, we grow concerned because many cybersecurity best practices are rooted in behavior and policy—not cost.
So, what can your town or city do instead of waiting for the cavalry? Here are a few “do it yourself” cybersecurity best practices that can help you prevent ransomware and cyberattacks while keeping your costs and resource utilization low.
1. Practice basic “cyber hygiene.”
“Cyber hygiene” is a lot like personal hygiene. Many bad habits are easily corrected—at little cost—by following a few best practices such as:
- Patching and updating software to eliminate security vulnerabilities
- Using an enterprise-level antivirus solution to proactively monitor for and prevent viruses
- Using a business-class antispam solution alongside your email to prevent most phishing emails from even getting into your inboxes
- Creating inventories of your hardware, software, and applications to make sure you know the location of your assets and if any vulnerabilities exist (such as unauthorized software or a lost laptop)
2. Train your people.
People are your weakest link with cybersecurity, but that weak link can become strengthened with training. With a very small investment in training, you can help your employees spot the signs of a cyberattack and lessen the chance of a virus ravaging your town or city. “How to Create Effective Cybersecurity Training for Cities” covers the structure of a cybersecurity training agenda in full detail.
3. Establish security policies.
There are a range of cybersecurity policies your town or city needs to establish and enforce. These policies cost little to implement and ensure that employees take cybersecurity seriously. Policies encompass common cybersecurity issues such as:
- Passwords—especially the strength and complexity of passwords. Weak passwords lead to security breaches.
- User access. Weak or nonexistent user access policies (such as everyone having admin access to a server) leads to security breaches.
- Oversight with the installation and deployment of hardware and software. Misconfigured or unauthorized hardware and software often leads to security breaches.
4. Back up your data.
Simply having an onsite and offsite data backup solution can alleviate a lot of cybersecurity worries. Many towns and cities with a strong data backup and disaster recovery solution can recover data even when they’re hit with ransomware or a virus. A data backup solution needs an onsite component for quick recovery, an offsite component (located geographically far from the town or city) to recover after a disaster, and periodic testing to ensure your data backup works.
5. Use an IT helpdesk to help monitor your systems.
You don’t need to hire a full-time IT professional. Instead, an IT partner can provide helpdesk services, and your state’s municipal league may offer services from their technology partner. These engineers can help proactively monitor your IT systems, prevent many cyberattacks before they happen, and go into action when ransomware or a virus hits.
If you wait around for help, you’ll wait a long time. And even if you receive money and “resources,” what will you do with it? Instead, start with what you can do.
- Implement basic cyber hygiene starting today.
- Schedule your first cybersecurity training session for employees.
- Begin creating cybersecurity policies.
- Ensure you have an onsite, offsite, and tested data backup and disaster recovery solution.
- Explore IT helpdesk resources offered by an IT partner.