The sense of urgency around cybersecurity is reaching a whole new level for state and local governments.
Things were already in pretty rough shape, as noted by the State and Local Cybersecurity Collaboration report co-authored by the National Association of State Chief Information Officers and the National Governors Association. The report shows how the majority of all publicized ransomware attacks in the United States have targeted local governments. Some, like the August 2019 Texas Cyber Incident, the attack on Louisiana public schools, and the Baltimore cyber disruption, have been well-publicized. But most incidents are publicly unknown.
With the arrival of COVID-19, people are desperate to get any state and local aid they can to tide them over until the economy returns to normal. States and cities are thus stretching the capabilities of their IT infrastructures even further to enable citizens to interact securely online with agency staff working from home. Hackers see this as an opportunity to exploit the stay-at-home mandates, taking advantage of families and government personnel who don’t have strong security measures in place on their home networks.
Longtime Favorite Targets of Cybercriminals
State and city IT infrastructures have long been targets for two primary reasons. They store valuable personal information on citizens that cybercriminals can leverage for identity theft and financial fraud. And in many cases, the IT infrastructures simply aren’t protected. Cybercriminals love to go after the lowest-hanging fruit.
The need to store personal information will never go away—that’s a big part of what state and local governments need to do as they deliver services. Weak security postures at least have the potential of being fortified. But many governments are defenseless because IT budgets take a back seat to critical citizen services. There just isn’t enough money left over for investing in the necessary technology, processes, expertise, and resources.
As a result, many state and local government IT infrastructures operate with older technology that can’t contend with today’s sophisticated cyberattacks. In some cases, systems have reached end-of-life support so that their vendors are no longer issuing security patches. Hardware and software systems are left wide open to attacks.
6 Low-Cost Tips to Help State and Local Governments Improve Security
But there are some relatively low-cost measures that state and city IT teams can consider. Here are six that are sure to strengthen your current security posture:
- Designate Responsibility—Find at least one person who will assume the responsibility for cybersecurity and determine the budget and resources they have to work with. Even if the latitude you give them is narrow in terms of how much they can do, at least you’ve got someone who is always thinking about getting the most out of whatever resources you have.
- Document and Measure—Answers to IT security problems sometimes reveal themselves simply by taking inventory of all your hardware and software and then documenting security incidents that occur. You just might pick up a pattern that tells you which remedy to apply.
- Simplify—The more complex your IT infrastructure, the more difficult it is to defend. Simplifying your environment makes it easier to not only create a stronger security posture but also maintain it as new cyberattack methods evolve. A simplified environment may even cost you less—perhaps creating a bigger budget for security!
- Talk to Colleagues—Network with IT colleagues from other states and cities. You face similar issues and have probably applied similar solutions that have either worked well or not worked well. Either way, you have a lot of knowledge that can benefit each other. Maybe form a virtual round-table of five or so colleagues that meet once a month.
- Talk to Employees—End-users know much about what is going on in your network, and they may be able to help you identify risks. They are also the path through which many cyberattacks occur—such as clicking on malicious links and attachments. Getting their input and educating them on what not to do will go a long way to improving security.
- Borrow Best Practices—There’s a lot of free material online about security best practices. A good place to start is NIST. You may also be able to emulate policies and processes used by your third-party partners—they want their IT ecosystems to have strong postures just as much as you do.
If you’re on the IT team of a state or local government, one thing that you do have in your favor when it comes to cybersecurity is that you are on a very large playing field along with all other state and local governments. Hackers have many targets to choose from, and they will look for government entities with the weakest security postures. If your defenses are a little stronger than your neighbor’s, you just might avoid that lurking burglar!
A Handy Tool for Securing Files
A tool that state and local governments can use to improve their security postures is MOVEit Managed File Transfer (MFT) from Progress. Organizations around the world use MOVEit to protect files in transit and at rest to assure the reliability of core business processes and to secure compliant transfers of sensitive data among employees, customers, and partners. MOVEit also provides IT teams with complete visibility and control over file-transfer activities. If your organization is looking to securely and easily send files, you can start a free trial of MOVEit today.