Last Updated on September 18, 2020
For the last 20 months or so, we’ve worked with nearly 200 government municipalities on a cyber loss control project, now largely completed. We know from conducting these risk and gap assessments there are many similarities across municipal entities: they provide many of the same services, use a lot of the same applications, are subject to the same laws and regulations, and even work with many of the same vendors. Based on the findings from this effort, we’ve identified those areas where many municipalities are most vulnerable and are excited to share practical tips and actionable insights to increase information security in municipalities.
A stronger cyber security foundation is something many municipalities of all sizes need to build ASAP. Hackers are well aware that municipalities are vulnerable to attack and hold valuable data from social security and credit card numbers to health records.
Building a Cyber Security Foundation for Municipal Governments
We will detail these vulnerabilities and provide cyber security guidance for municipalities to address them in a series of forthcoming blog posts. The key topics we will be covering are:
- Covering the bases (CURRENT POST)
- Password management and access control
- Backup and encryption
- Malware and social engineering attacks
- Cyber security awareness education
- Contingency planning: Incident response, disaster recovery and business continuity
- Vendor risk management
- Patching and other “technical controls”
Every municipality needs to “cover the bases” in each of these seven areas to reduce its information security risk. If your municipality handles its own IT, these are the basic security controls you need. If you outsource some or all of your IT services, review this information with your vendor to ensure you’re protected. If you’re looking for a list of the right questions to ask, reach out and we’ll be glad to point you in the right direction.
We look forward to sharing this insight with you! Please keep an eye on our blog, and contact Pivot Point Security for help with any security-related issues.