The need to stay focused on cyber protection remains high after recent hostilities between the United States and Iran. Some local governments report an increase in spearphishing and other cyber intrusions. Recent news reports remind us that election systems may be vulnerable to hackers if thay have a modem and are left online, even momentarily. The Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security, is a great source for guidance on everything from ransomware to the current threat situation. The tips below are adapted from CISA:
- Practice good cyber hygiene; backup, update, whitelist apps, limit privilege, and use multifactor authentication.
- Provide cybersecurity training to your staff.
- Segment your networks; make it hard for the bad guy to move around and infect multiple systems.
- Implement regular scans and use automated patches. Monitor traffic.
- Develop containment strategies; if bad guys get in, make it hard for them to get stuff out.
- Know your system’s baseline for recovery.
- Review disaster recovery procedures and validate goals with executives.
- Have a business continuity plan.
- Consider reporting your cyber incidents to CISA as part of an early warning system.
If you're interested in learning more about cybersecurity issues faced by U.S. local governments, including what their capacities are, what kind of barriers they face, and what type of support they have to implement cybersecurity programs, download our Cybersecurity 2016 Survey. This survey was conducted by ICMA and the University of Maryland Baltimore County.