For the last 20 months or so, we’ve worked with nearly 200 government municipalities on cyber loss control projects, now largely completed. Data security is a major concern for many municipal governments, so in this post—the third in our Cyber Security Foundation for Municipal Government series—we would like to share some tips focused on why data backup and encryption is crucial in civic organizations.
Data loss happens. We all know this. Computers crash, people make mistakes, malware wreaks havoc, and sometimes you even face fire, floods and famine. Without a backup you can use to recover your lost data, it’s gone for good—and that could be really bad.
The most important thing about backup—by far—is to do it. Backup, backup, backup! And test your backups regularly to make sure they worked, so you know you actually have what you think you have.
Both these essential processes are often overlooked, which puts an organization at serious risk. Especially with all the affordable cloud backup options now available, there’s just no reason to jeopardize your operations by failing to backup data.
Keep in mind all data is not created equal. IT and users need to communicate and agree about how often different kinds of data need to be backed up. If a database that sees dozens of changes per day only gets backed up once per week, that’s a lot of lost transactions waiting to say goodbye.
One final point about backups: I recommend that you consider keeping your backup drives offline and disconnected from your network when you’re not performing backups. Yes, this is a hassle. But ransomware and other malware is able to transit connected drives and damage your backup files and backup images as well.
With all the pressing challenges that municipal governments face, including limited resources, data encryption might seem like a “nice to have” that’s more trouble than it’s worth. But think about all the sensitive data you’re charged with protecting on behalf of citizens, like health and mental health information, criminal justice data, legally sensitive documents like contracts, employees’ personal data, and more. (For some municipalities, it might also make sense to encrypt email.)
That data is very valuable to criminals and that’s why they have your systems in their sights! With all that in mind, our advice about encryption is short and sweet. Encrypt all your sensitive and/or valuable data, period. Encrypt it “at rest” (where it resides on disk) and encrypt it while it’s “in transit” (being moved, shared, processed, etc.)
Encrypting data renders it useless to all but the most skilled and determined hackers. You owe it to your citizens and employees to keep their data safe. You may not have the budget to provide the most sophisticated security controls… but you can do encryption. It’s a highly effective protection and there are many affordable, easy-to-use tools out there to make it happen.
To talk with an expert about the right data loss prevention strategy for your organization, contact Pivot Point Security.
In our next post, we’ll blog on how to combat malware and social engineering attacks. Until then… stay tuned and stay safe!
Ongoing Series: Cyber Security Foundation for Municipal Governments
We are overviewing this foundational cyber security guidance for municipalities in a series of blog posts. The full list of topics we will be covering includes:
- Covering the bases
- Password management and access control
- Backup and encryption (CURRENT POST)
- Malware and social engineering attacks (coming soon)
- Cyber security awareness education (coming soon)
- Contingency planning: Incident response, disaster recovery and business continuity (coming soon)
- Vendor risk management (coming soon)
- Patching and other “technical controls” (coming soon)