Cybersecurity is not only a concern for the federal government or large corporations. As the holders of sensitive information and the providers of essential human services, state and local governments should be concerned about cybersecurity as well. In fact, a recent study by the Center for Digital Government estimates that government agencies have lost more than 94 million citizens’ records since 2009, and that each lost record represents a cost of $194. [1]
Cyber-attacks continue advancing in their sophistication and have morphed from simple viruses and phishing scams to advanced threats that are not easily detected. With traditional defenses becoming obsolete and the threat of cyber-attacks growing, state and local governments require new methods of preventing, protecting against, and planning for cyber-incidents. As your government evaluates its cybersecurity needs, Baker Tilly state and local government consultants recommend taking the following actions in the near term:
- Implement an IT governance framework: An IT governance framework specifies decisions, rights, and accountability within your organization to encourage desirable behavior when using your organization’s IT resources. A key component of your IT governance framework is ensuring that proper controls, such as best-practice user authentication standards and software implementation plans, exist to guard against cybersecurity incidents.
- Educate your team: Does every individual in your organization understand his or her role in keeping your IT environment secure? While your IT staff is likely educated on cybersecurity, other employees need to understand basic cyber-attack prevention. Incorporating cybersecurity policies and procedures into the onboarding process and hosting annual cybersecurity trainings for all staff can significantly reduce your government’s risk.
- Keep your technology updated: Proper maintenance of firewalls and anti-virus software is an easy way to help protect the organization. Updating anti-spyware and anti-virus software daily and installing software security patches as quickly as possible are critical to cyber-attack prevention.
- Create a response plan: Having a cyber-attack response plan is as important to state and local governments as having a disaster recovery plan. Just like your disaster recovery plan, each person needs to understand his or her role in the event of a cyber-attack. Regular updates will help ensure that you are prepared when a cyber-attack occurs.
State and local governments are more than just guardians of citizen and employee data. From municipalities and school districts to utilities and transit authorities, these organizations provide vital services that keep criminals off the street, ensure the delivery of potable water to every home, and educate the next generation. Unfortunately, cyber-attacks are an evolving threat with which every local government will ultimately contend. Implementing the protective measures outlined in this article can be a first step in reducing the risk of a cybersecurity incident and protecting the citizens who rely on these services.
For more information on this topic, or to learn how Baker Tilly state and local government specialists can help, contact our team.
[1] Center for Digital Government. “Advanced Cyber Threats in State and Local Government.” January 2014.