Cybersecurity best practices for local government organizations
Cost-effective advice for maximizing your security program
As Benjamin Franklin once said, “An ounce of prevention is worth a pound of cure” — and that’s doubly true when it comes to cybersecurity for the public sector. The threats and risks facing local government organizations continue to increase, largely due to the perception that they lack the resources and experience necessary to secure their systems.
There’s no doubt that resources are tight at the municipal level; spending more in one column means there’s less for another, and with the intense scrutiny spending receives, it can be difficult to increase investment in security.
Attracting and retaining experienced cybersecurity talent is also tough. On top of these challenges, there’s also the need to protect confidential information and keep systems and services operational.
The good news is that there are several easy, cost-effective cybersecurity best practices that will massively improve your security posture — and best of all, you can implement them right now.
Getting the basics right
Putting basic cybersecurity controls in place will have an immediate impact on your defenses. One of these measures is ensuring employees use strong passwords. Weak passwords used across multiple accounts give attackers an easy in. Investing in password management tools solves the problem of creating, storing, and recalling unique and complex passwords.
What’s more, Verizon’s 2020 Data Breach Investigations Report (DBIR) found that human error remains one of the leading causes of data breaches. It’s imperative that your IT network and cloud services are properly configured. Hackers rely heavily on misconfigured systems and weak security measures to ensure their attacks are successful.
Having cyber situational awareness (CSA) is another control that can help you identify the threats that are most likely to impact your organization. CSA can be defined as knowing your network, knowing the threats to your network, and knowing how to respond to those threats. With this insight, you can identify and address “quick win” risks, like checking and correcting access permissions and privileges.
It’ll also help you spot missed patches. A shocking number of attacks or breaches could easily have been prevented with an available software update. Routinely checking for and applying patches can help you resolve vulnerabilities quickly.
Building a cybersecurity playbook
One of the most effective practices you can implement involves planning and preparedness. Take a step back from operational challenges and consider all the risks facing your organization and how they could impact you.
Designing a plan takes time and can be challenging but needs to be a priority. Unfortunately, there’s no one-size-fits-all approach to creating a cybersecurity playbook. Your playbook should detail key action steps for:
- Incident detection, notification, analysis, and forensics.
- Response actions, specifically containment, remediation, and restoration.
- Ongoing communication with stakeholders and customers.
- Post-incident analysis to determine what happened and how your organization handled it.
Start by focusing on the “mission critical” aspects of your organization. What absolutely needs to be back up and fully operational first? What are your priorities, and what can wait? These questions can help identify key pieces of your cybersecurity plan, as can an understanding of your requirements from a regulatory perspective.
Making a playbook can also help get boards and senior leadership invested in the issue. Highlighting the risks, their impact, and steps you can take to respond will make it easier to get buy-in on security initiatives.
Training, education, and building a culture of security
The weakest link in cybersecurity remains the human element.
People make mistakes — and the only way to lower that risk is through education. Training users and raising risk awareness goes a long way towards a security-first culture.
Security is everyone’s responsibility, despite what some may think, and ensuring every staff member at every level understands this can help reduce the risks associated with human error. Consider investing in ongoing cybersecurity training, developing informative resources or guides for employees to access, and encouraging communication about new and emerging risks.
Disaster recovery planning and testing
When something goes wrong, your first step will be to work your playbook and implement your plan. You want to make sure you’re collecting the right information and taking appropriate action to mitigate a cybersecurity incident.
But just because you’ve got a plan in place doesn’t guarantee it’ll work. That’s why it’s also vital to test the playbook you’ve created. For example, it’s one thing to back up your data, but another to make sure you can restore operations with it.
Get visibility across your network
What visibility do you have of your network?
Think of it this way: if you were in charge of protecting a bank from robbers, you’d obviously want security staff to keep an eye out for suspicious activities. But people have limitations, and can’t watch everything simultaneously, so you’d likely also set up cameras for better visibility. Maybe you’d add motion detectors that would alert you to activity in a locked vault. Basically, you’d want to get consistent, reliable visibility and defenses in place and make sure you’ve always got eyes on the things you’re trying to protect.
Your IT network needs similar visibility. Relying on what you can see during the day is great, but without accurate visibility into all the activity and assets across your network (including cloud services and endpoint devices), it will be difficult to defend them.
This visibility can give you insight into the steps you need to take to address and mitigate threats pre-emptively. In short: visibility tells you when you’re under attack, what is being attacked, and how to defend against the attack.
Easy-to-use cyber threat monitoring platforms, such as Field Effect’s Covalence, deliver the visibility you need via contextual alerts and recommendations, giving you actionable insight into the steps you need to take to secure your organization.