Risky business: Protect your government from cyber threats
Article

Risky business: protect your government from cyber threats

Authored by Andrea Jansen and Barry Esch

Ransomware attacks on municipal governments have increased by more than 97% over the last two years, according to some sources.  According to Verizon’s 2019 Data Breach Investigations Report, a premier cybersecurity research organization, the public sector is the most frequently targeted industry, with 16% of all cyberattacks taking place in this industry.   

Identifying risk areas is a critical factor when deciding where to invest your government’s time and resources. And, because data about local governments is more accessible than comparable private sector data, risk exposure is inherently increased.  From the park district to the finance office, resilient IT systems are necessary to protect infrastructure and help ensure smooth and efficient operations. Cyber risk should be treated as any other business risk the entity would protect against, and disaster recovery and business continuity plans should be established and tested regularly.

In the case study examples that follow, Andrea Jansen, a partner in Baker Tilly’s public sector practice, and Barry Esch, a director in Baker Tilly’s cyber and IT practice, share their IT and cybersecurity experiences with two governmental clients, a municipality and a county — highlighting the challenges faced and how these entities addressed their challenges.

Case study – county

When a county’s IT director retired, the county needed help identifying and hiring a replacement. They looked to Baker Tilly for help. Our team served as a resource and subject matter expert because we were familiar with the challenges that the IT department faced and the direction the county was looking to move into. Once the new IT director was in place, attention turned to addressing IT controls that hadn’t been prioritized from previous years’ audits. 

  • Working with the new IT Director, Baker Tilly advised on solutions to meet the county’s needs and objectives, including: A cybersecurity assessment to evaluate the county’s people, cybersecurity tools and processes
  • Building a cybersecurity program to address the county’s cybersecurity risks

Baker Tilly and the county collaborated to complete the assessment and build the cybersecurity program – a project that was completed within three months.  

 “Many times, municipal governments can undertake activities at little or no cost to strengthen their IT environments. This can be done through the investment of their time and effort to create appropriate IT and cybersecurity policies and build adequate controls to ensure they are utilized and followed,” noted Barry Esch.

Case study – city

As part of its examination of the effectiveness of its IT department and to determine whether additional staffing was needed, a city was seeking benchmark information on how similar entities staffed their IT department. 

Baker Tilly was engaged to provide staffing insights needed to build a multi-year plan. As part of this, we interviewed the city’s department leaders and IT staff, and performed a peer analysis of comparable cities. The analysis provided city leadership with a 360-degree view of its IT team, which allowed department leaders to explore staff strengths and areas of improvement — all while comparing these attributes to similar entities. The analysis helped the city take action to achieve their desired future state, including reducing their cost of service while increasing service quality.

“Because information systems impact the operations of all departments within our local governments, it’s important to regularly assess the IT function both in terms of operation and overall risk. This is true whether or not you have an outsourced IT function. If your government’s IT practices, policies or training haven’t changed in the last five years, it’s time for those charged with governance and management to give those another look,” said Andrea Jansen. 

If your organization lacks trained cybersecurity staff to build and execute the controls or to select and manage the appropriate cybersecurity tools, Baker Tilly can help. Our professionals focus on the needs of municipal governments. Our areas of expertise include municipal advisory, tax and audit, Opportunity Zones, CFO services, technology and cybersecurity services.

For more information on this topic, or to learn how Baker Tilly municipal advisory specialists can help, contact our team.

Sky and field
Next up

Mexico bylaw complicates verification of accounting operations materiality