https://www.americancityandcounty.com/wp-content/themes/acc_child/assets/images/logo/footer-logo.png
  • Home
  • Co-op Solutions
  • Hybrid Work
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcast
    • Latest videos
    • Product Guides
  • Resources & Events
    • Back
    • Resources
    • Webinars
    • White Papers
    • IWCE 2022
    • How to Contribute
    • Municipal Cost Index – Archive
    • Equipment Watch Page
    • American City & County Awards
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Privacy Statement
    • Terms of Service
American City and County
  • NEWSLETTER
  • Home
  • Co-op Solutions
  • Hybrid Work
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcasts
    • Latest videos
    • Product Guides
  • Resources/Events
    • Back
    • Webinars
    • White Papers/eBooks
    • IWCE 2022
    • How to Contribute
    • American City & County Awards
    • Municipal Cost Index
    • Equipment Watch Page
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Privacy Stament
    • Terms of Service
  • newsletter
  • Administration
  • Economy & Finance
  • Procurement
  • Public Safety
  • Public Works & Utilities
  • Smart Cities & Technology
  • Magazine
acc.com

Smart Cities & Technology


Pixabay

Article

A three-step plan for a citizen-first cybersecurity strategy in cities and counties

A three-step plan for a citizen-first cybersecurity strategy in cities and counties

  • Written by Brandon Shopp
  • 4th January 2022

Cyberattacks against states and municipalities have increased significantly in the last year, with school districts, city halls and police departments among the most vulnerable. Ransomware attacks in particular are on the rise. In 2020, more than 2,000 public sector organizations—including municipalities—were targeted in these attacks.

These incidents highlight how local governments can become an easy target for cybercriminals. Often hampered by tight budgets, aging IT systems and small IT departments, protecting the endless amount of citizen data they’re entrusted with is getting harder and harder.

To achieve and maintain a strong security posture, state and local leaders must change how they think about cybersecurity. Instead of a technology-first approach, these organizations must start with a proactive defense strategy based on a citizen-first mindset.

Here are three considerations state and local government officials should consider in their security planning:

1. Protecting the public
To secure and protect public data, cities and counties must first identify the most critical data and assets in their digital environment. Though most organizations have a plan to maintain and protect servers and critical endpoints, the next step is determining the key components within them, including applications, data stores, systems, and even employees. Why? Because if an employee who has access to sensitive data is targeted with a phishing campaign—where threat actors send emails containing a malicious attachment or direct the recipient to a website containing ransomware—the entire data set could be compromised.

With key assets defined, IT teams can put processes and policies in place to heighten security around these items.

It’s also crucial to regularly review these policies. Though it’s impossible to secure everything, defining and protecting these critical elements should be the top priority for security teams.

2. Practicing good cyber hygiene
One of the reasons ransomware and other attacks succeed is a lack of basic cybersecurity hygiene. In the fight against cybercriminals, it’s easy for inertia or security apathy to sink in. The sense that “we have all the controls in place we need” is commonplace. But this thinking only tips the scales in favor of bad actors.

Indeed, a recent study suggests although public sector IT pros feel their existing cybersecurity policies and procedures are sufficient, they must move to adopt a mentality in which even “medium” risk exposure is unacceptable. And this mindset must be adopted across the organization.

As such, IT teams must examine their current technology and processes and deploy solutions capable of providing complete visibility into all systems so they can identify and mitigate hidden risks. Even small changes like maintaining a regular patching cadence, enforcing multi-factor authentication and reducing the attack surface using network segmentation or virtual machines can improve security postures.

While IT is fighting in the trenches, the C-suite should also discuss security and promote it as a top-down priority. Furthermore, non-tech employees should think of themselves as part of the extended security team and implement basic cyber hygiene practices.

3. Staying up-to-date with regulations
Regulations can feel like a tall task to keep up with, but they present city and county IT teams with new opportunities to stay ahead of the curve. Regulatory guidelines drive security, force buy-in from senior teams, and reduce the potential for data breaches in the future. They also benefit citizens whose data must be protected.

In recent years, the scope of privacy regulations, like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act, has significantly expanded. These and future laws define the measures a municipal organization must take to protect itself and its data, the controls it must deploy, reporting requirements, and how third-party risk is managed.

IT and security teams can work in sync with legal, audit, and compliance teams to implement and maintain these standards of care. They must also stay up-to-date as new regulations emerge, such as the State and Local Cybersecurity Improvement Act—if passed, it will set baseline objectives for cybersecurity efforts.

Executing the steps above can seem like a daunting prospect. But cities and counties can find allies in this fight. Connecting with their peers, joining local organizations, attending meetups and seminars, and staying in touch with the broader security community will help IT pros complete these activities and processes and proactively protect critical systems and citizen data.

Brandon Shopp is the group vice president of product at SolarWinds. Shopp has spent more than 10 years with SolarWinds and has a proven success record in product delivery and revenue growth, with a wide variety of software product, business model, M&A and go-to-market strategies experience.

Tags: homepage-featured-1 homepage-featured-3 homepage-featured-4 Administration Public Works & Utilities Smart Cities & Technology Administration Public Works & Utilities Smart Cities & Technology Article

Most Recent


  • Report: With increasing popularity of e-bikes and e-scooters, there's a need for 'safe and connected infrastructure'
    Electric scooters and e-bikes are rising in popularity. As transportation options diversify, local policymakers are beginning to integrate micromobility means as integral fixtures in transportation networks and climate action plans, given their health and climate benefits. But along with solutions, they’re also bringing with them a slew of hurdles. A report out of Oregon highlights […]
  • New York mayor announces city-wide curbside composting program, impacting 8.5 million residents by 2024
    On the heels of a successful 3-month-long pilot program in Queens, New York City has announced the largest curbside composting program in the United States. The initiative will begin following a winter-long hiatus of the Queens pilot, which is set to return permanently March 27. Curbside service to Brooklyn will begin Oct. 2, followed by the […]
  • Phoenix
    Federal funds help fast-growing Arizona city address several infrastructure challenges and needs
    Joe Giudice, public works director for the city of Phoenix, says the influx of new residents is driving a lot of construction in his community. “Phoenix is the fifth largest city in the United States. It is one of the fastest growing cities in a fast-growing region, which influences infrastructure product and service demand. This […]
  • How 5G is making cities safer, smarter, and more efficient
    This article first appeared on Urgent Communication. It’s a scenario we’ve all experienced: an ambulance with a blaring siren racing against time to get a person in medical distress to a hospital through traffic. What we don’t see is 5G connectivity enabling paramedics to communicate with hospital staff via video conference and coordinate care in […]

Leave a comment Cancel reply

-or-

Log in with your American City and County account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Cyber-first infrastructure should be a priority
  • How public electric utilities can leverage federal broadband grants
  • Digital supply chain challenge to cities and counties—another cyber minefield to navigate
  • Prioritizing rapid restore leads to stronger ransomware attack recovery

White papers


Modernizing government services for today’s resident expectations

24th January 2023

Preparing Your Community Now for the Next Generation of Older Adults

18th October 2022

Helping Government Fleets Achieve Their Goals

30th September 2022
view all

Webinars


How To: Evaluate Digital Government Service Delivery Technologies

23rd January 2023

Using Technology to Enhance Communications

29th November 2022

Learn the benefits of transforming and automating your Contract Management process

4th November 2022
view all

PODCAST


Young Leaders Episode 4 – Cyril Jefferson – City Councilman, High Point, North Carolina

13th October 2020

Young Leaders Episode 3 – Shannon Hardin – City Council President, Columbus, Ohio

27th July 2020

Young Leaders Episode 2 – Christian Williams – Development Services Planner, Goodyear, Ariz.

1st July 2020
view all

GALLERIES


Report: While remote work is causing offices to empty out, walkable cities are still in high demand

26th January 2023

10 American cities with a great downtown

24th January 2023

Miami leads the way in FT-Nikkei ranking of best U.S. cities for foreign companies

20th January 2023
view all

Twitter


AmerCityCounty

Report: With increase popularity of e-bikes and e-scooters, there’s a need for ‘safe and connected infrastructure’ dlvr.it/ShlKmJ

31st January 2023
AmerCityCounty

New York mayor announces city-wide curbside composting program, impacting 8.5 million residents by 2024 dlvr.it/ShhRk1

30th January 2023
AmerCityCounty

Federal funds help fast-growing Arizona city address several infrastructure challenges and needs dlvr.it/ShhBtf

30th January 2023
AmerCityCounty

How 5G is making cities safer, smarter, and more efficient dlvr.it/ShYNcx

27th January 2023
AmerCityCounty

Shifting city demographics present an opportunity to build coalitions, address inequality dlvr.it/ShYMMm

27th January 2023
AmerCityCounty

Spending American Rescue Plan Act funds: A primer for municipalities dlvr.it/ShXzvl

27th January 2023
AmerCityCounty

Report: While remote work is causing offices to empty out, walkable cities are still in high demand dlvr.it/ShVhBW

26th January 2023
AmerCityCounty

Managing landslides along road corridors using remote sensing dlvr.it/ShTpL6

26th January 2023

Newsletters

Sign up for American City & County’s newsletters to receive regular news and information updates about local governments.

Resale Insights Dashboard

The Resale Insights Dashboard provides model-level data for the entire used equipment market to help you save time and money.

Municipal Cost Index

Updated monthly since 1978, our exclusive Municipal Cost Index shows the effects of inflation on the cost of providing municipal services

Media Kit and Advertising

Want to reach our digital audience? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • IWCE’s Urgent Communications
  • IWCE Expo

WORKING WITH US

  • About Us
  • Contact Us

FOLLOW American City and County ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.