Why Municipals Need Better Security Measures in Place Today

by Chase Venters, Chief Information Officer
  • As these type of organizations offer critical services to vulnerable people, there is a higher degree of urgency to restore access, especially if lives are potentially at risk
  • There are a wide range of access points. The government sector is large and there are a vast selection of endpoints, from the computers in government official’s offices and libraries through to the equipment in police cars. This means more targets to exploit
  • Some Government entities find themselves using older technology and systems due to lack of budget, making them more vulnerable to attack
  • Similarly, as there is less budget, government organizations can find themselves with smaller, less-experienced IT teams
  • This sector holds a lot of data on citizens, including address, date of birth as well as bank and credit card details. This information is hugely lucrative if it falls into the wrong hands and could be sold on the global black market
  1. Review your systems architecture: Auditing your existing systems will help you identify potential flaws and how you can fix them to make it harder for cybercriminals to compromise your organization. Preparing for an accreditation like SOC2 or ISO 27001 can allow your IT team to identify weak spots in your systems, as well as provide the citizens you offer services to peace of mind in your processes.
  2. Hire the right staff: Cybersecurity is a growing industry, and it is essential you get the best talent in your team to protect your systems in case of an emergency. It’s essential to have someone available who can not only identify potential flaws in your systems, but get them fixed too. You need either an individual or team with experience in penetration testing (also known as ‘ethical hacking’) as well as cybersecurity.
  3. Keep your systems up to date: Your IT team needs to ensure that all of your systems are patched and updated regularly, and that all computers have the latest anti-virus software on them. An updated system will be less vulnerable to attack. All endpoints need to be updated. All it takes is one weak link in the chain to cause a problem. If you allow staff to use their own devices, you need to take this into consideration too.
  4. Backup your information: Keeping a copy of your most important data available will ensure that if the worse happens, you can keep operating without disruption. Ensure your most critical data is stored in isolation and is not connected to anything externally. This is known as ‘airlocking’ your data and will help keep it secure.
  5. Have a contingency plan: You’d have a plan in place if there were an earthquake or tornado, so you need to have a plan in place for a cyberattack. Determine all of the details at top level. Who would be involved in putting the issue right? What would you tell the public? How would you ensure essential services could still operate? Test your plan on a regular basis and make changes as appropriate.
  6. Make all employees aware of the part they play: About 15% of the US population work in national, federal or local government. Even though they don’t all need to know how to avert a cyberattack, they do all need to be aware of the risks of one. 95% of cybersecurity breaches happen because of human error, so you need to train and brief all staff on a regular basis. For example, tell them how to identify a suspicious email, how to protect confidential data and how to report something that doesn’t look quite right on their computer.
  7. INSIST that all of your vendors follow these same principles and that the software and services they provide you are not the source of vulnerabilities.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Exceleron Software

Exceleron Software

North America’s leading utility prepay and payment service company.