Multi-State Information and Sharing Analysis Center
Click here to visit the Department of Homeland Security’s site on National Cyber Security Awareness month.Many of our critical government services rely on the Internet and technology to function. While this inter-connectivity has many benefits — such as convenience and efficiency — there are risks associated with this digital environment. The cyber challenges facing us continue to escalate.
We only need to look at the headlines to understand that the risks are real and that local governments are vulnerable: so-called “hacktivist” groups targeting local police departments across the nation, disgruntled employees hacking into municipal networks, and public health records being stolen by cyber criminals are just a few recent cases targeting local governments.
Some specific examples of how your county’s computer system could be affected by a cyber security incident — whether because of improper cyber security controls, man-made or natural disasters, or malicious users wreaking havoc — include:
-
- your websites being disabled and unavailable to your citizens
- criminals breaking into your systems, and stealing personal and sensitive information about your employees or citizens
- a virus shutting down your network
- a laptop or mobile device being inadvertently lost, putting any data on that machine at risk for compromise, or
- a malicious user using your systems to attack other systems.
These and other information security incidents would certainly hamper your ability to provide services to citizens, may be costly to recover from and could result in a loss of public confidence.
Local governments have a responsibility to citizens and business partners to safeguard the information with which they are entrusted and to keep mission-critical operations functioning.
Don’t Get Overwhelmed…Get Started
Addressing these challenges can seem daunting. It is difficult to know what to do or how to get started especially for those with a lack of experience or resources to address the constant evolving and increasing threats from cyberspace. But there are many proactive steps that can strengthen your county’s cyber security posture, and many of them can be implemented with a relatively small amount of fiscal and staff resources. In fact, a recent report found that 96 percent of data breaches could have been avoided if simple controls were in place.
Steps Every County Official Should Take
Designate a principal individual responsible for cyber security. This may be a part-time or full-time assignment, depending on the scope and complexity of your organization’s operations. It may be your county’s information technology director, a third-party consultant or other designee. Make sure this individual can provide you with answers to these questions:
How are we protecting our cyber infrastructure and residents’ data?
What policies and procedures are in place for physically protecting our equipment from unauthorized access, loss or theft?
What is our plan for responding to a cyber security incident, and what cyber security policies are in place? Is staff trained on those policies?
Make sure that cyber security is factored into business decisions and that those responsible for cyber security in your county are involved in the discussions whenever a new program or service is being considered.
Serve as the champion for cyber security in your county. Make sure you adhere to best practices, such as using a strong password, never opening unknown attachments in emails and only visiting trusted websites.
Engage the Multi-State Information Sharing and Analysis Center for Help
For assistance with any of the above tips and to learn more about keeping your county protected, contact the Multi-State Information Sharing and Analysis Center (MS-ISAC). The MS-ISAC is a division of the not-for-profit Center for Internet Security, and is designated by the U.S. Department of Homeland Security as a key resource for cyber threat prevention, protection, response and recovery for the nation’s state, local, territorial and tribal governments.
The MS-ISAC provides a number of resources at no cost to its members, including incident response; cyber alerts and advisories; monthly Web cast meetings; annual in-person meeting; trainings and exercises; annual Cyber Security Awareness Month materials; and a community of practice for information sharing between and among states and local governments. There is no cost to join the MS-ISAC, and membership is open to all state, local, territorial and tribal governments.