Secure yourself

By Shannah Hayley, Joel Peña

Overview overview link

In local government, digital security is often treated as an add-on rather than a standard expectation. From ransomware to downed operations, the costs of a casual approach to security — both financial and to citizen trust — are too high to ignore. When it comes to public services, security is not optional.

Problem problem link

Failure to secure digital systems leaves government organizations vulnerable to cyberattacks, unauthorized access and data breaches. This compromises sensitive information, including classified data, and puts citizen records at risk for privacy violations and identity theft.

Inadequate online security systems expose public agencies to substantial financial, reputational, and operational consequences — including erosion of public trust.

Solution solution link

Governments must treat security as non-negotiable. This involves committing to cybersecurity best practices like:

  • Strong passwords
  • Multi-factor authentication and strict security policies
  • Investing in robust online security systems that include data encryption, firewalls, and intrusion detection

Organizations must also budget to keep technical operations secure and continuously train staff on digital security.

By implementing robust strategies and adopting best practices, your organization can mitigate risks, protect sensitive data, and maintain the trust of citizens.

Context context link

Digital security is everyone’s job. Tackling this topic effectively requires a coordinated multi-pronged approach.

Establish a cybersecurity culture establish a cybersecurity culture link

Digital security starts with fostering a culture of cybersecurity awareness and responsibility.

Begin by training employees on best practices. Encourage a proactive approach to identifying and reporting potential threats. This will establish a sense of ownership in protecting online systems among all staff. There are many free and low-cost tools for cybersecurity education from trusted organizations, such as the Cybersecurity and Infrastructure Security Agency.

Cybersecurity should be considered a critical component of your organization’s infrastructure. Make sure you account for it in your Continuity of Operations Planning (COOP).

Protect your online systems with strong security measures protect your online systems with strong security measures link

Adopt robust security measures to protect your websites and online systems. At a minimum, this should include:

  • Multi-factor authentication: A security measure that requires users to provide two forms of verification (such as a password and a unique code) to access.
  • Encryption: The process of encoding data to make it unreadable by unauthorized parties.
  • Secure web hosting: Online digital assets such as websites, apps, and application programming interfaces should be hosted and protected through a service that provides firewall, attacks prevention tools, bot detection, and real-time monitoring services.
  • Local network firewalls: Security barriers that monitor and control network traffic, protecting against unauthorized access and filtering out potential threats from entering or leaving a network.
  • Intrusion detection systems: Tools that monitor network activity to detect and respond to potential security breaches, identifying suspicious or malicious activities that could indicate unauthorized access or attacks.

These measures, combined with fundamental best practices such as use of Hypertext Transfer Protocol Secure (HTTPS), password management, and regular system backups, can significantly reduce the chances of hackers accessing sensitive information through your digital systems.

Develop comprehensive security policies develop comprehensive security policies link

Create and enforce robust security policies. This will establish clear guidelines and expectations for maintaining secure digital systems agency-wide. Policies should address areas like system access controls, password management, data encryption, incident response procedures, and regular system updates.

Conduct a security plan assessment conduct a security plan assessment link

Work with your employees to identify all of the digital systems currently in use, number of users, and loss of access impact. Make sure to catalog the purpose of each digital system and its value to the organization (i.e., operational, mission critical, or nice to have). Finally, identify the recovery time objective for each system after an outage.

Conduct regular security audits conduct regular security audits link

Conduct a security audit at least once a year. These are essential for identifying vulnerabilities and gaps in online systems.

A comprehensive assessment will help you understand the effectiveness of existing security measures and detect potential weaknesses. There are online tools available to start this process. Vendors can perform more detailed audits.

Engage in cyber threat intelligence sharing engage in cyber threat intelligence sharing link

Actively participate in threat intelligence sharing networks. By collaborating with other government agencies and security organizations, you stay updated on emerging threats, attack trends, and countermeasures. Timely information sharing will help you be proactive in defending against cyber threats.

Mantras mantras link

  • Security is not optional
  • Security is everyone’s job

Checklist checklist link

  • Implement stronger security measures, using a consultant if needed.
  • Foster a cybersecurity mindset by continuously training staff on digital security.
  • Perform regular security checks on your systems and have backups.
  • Hire staff or a consultant knowledgeable about cybersecurity and include them when making software selections.
  • Audit your digital systems and make an action plan to address vulnerabilities.
  • Include cybersecurity in your organizational Continuity Of Operations Planning.

Questions to ask questions to ask link

  • What cybersecurity policies do we have in place?
  • How are we training our employees to have a cybersecurity mindset?
  • What type of security measures do our digital system providers have?
  • What processes do we have in place to recover data after an attack or breach?
  • Which of our digital systems are mission critical?
  • How soon do our digital systems need to be restored after an attack or breach?

Learn more learn more link

  • Shields Up: Guidance for Organizations, Cybersecurity and Infrastructure Security Agency77
  • Free Cybersecurity Services and Tools, Cybersecurity and Infrastructure Security Agency78
  • Guide to Cybersecurity Risk Assessment, Cybersecurity and Infrastructure Security Agency79
  • Partnering to Safeguard Localities from Cybersecurity Threats Toolkit, Cybersecurity and Infrastructure Security Agency80
  • I’ve Been Hit with Ransomware, Cybersecurity and Infrastructure Security Agency81
  • Stop Ransomware Training, Cybersecurity and Infrastructure Security Agency82

On this page

Contents Next chapter: Protect privacy

Authors

Shannah Hayley

Shannah Hayley

Shannah’s pursuit of living life to the fullest has taken her all over the world with various communications-focused jobs, from teaching in Kenya to consulting in the United Kingdom. Shannah now serves as the Director of Communications and Community Outreach for the City of Plano, Texas.
Joel Peña

Joel Peña

Joel is a dynamic and innovative professional with extensive experience developing and executing successful strategic website and marketing initiatives. As a high-level problem solver with a keen eye for opportunity, Joel is a forward-thinking strategist who has consistently driven growth and success for a variety of organizations across multiple industries.