Does your organization have cyber insurance? Are you protected from cyber threats? How will your organization react if a disaster or cyberattack does occur? The reality is that most people are unsure about these questions, and even fewer are informed on the recommendations that Federal and State agencies provide. Conversations around cybersecurity and cyberattacks have become more prevalent, but as workforces expand outside the traditional walls of the office and into remote locations, cybersecurity is now more relevant than ever.

I talk to people in the local government industry every day, and most have a story to tell about a cyber threat they have experienced first-hand. Their geographic location, population, budget, and workforce size does not shield them or anyone else from being the target of cyberattacks, as cybercriminals do not discriminate.

Today’s cyber landscape is overcome with threats and skilled outfits trying to steal or extort targets of sensitive data through sophisticated cyber software attacks to secure hefty ransom payments. There are various techniques that cybercriminals use, such as Denial of Service (DoS) attacks, ransomware, and phishing. In case you were not aware, ransomware or malware is software that carries out an attack on a computer or network. The attack is usually enabled through a harmful email link, attachment, or compromised website. Phishing, on the other hand, is an attempt to steal sensitive data, like credit card numbers, bank account numbers, and other information by posing as a trustworthy source. Phishing attacks can be received through an email, text message, phone call, or even be disguised as a trusted website.

How Can You be Prepared?

Start by speaking with your cyber insurance policy administrator and review your policy information with an IT professional to see what you can do to prepare. Cyber insurance is something you are required to have, but probably never looked into unless you have needed it. Many cyber insurance policies provide a quiver of recommendations, standards, mock cyber plans, and mock cyber policies for organizations to use and make their own.

One exemplary organization that resides in my home state of New Jersey is the NJ Municipal Excess Liability Joint Insurance Fund (MEL). They have been providing their members with cyber insurance coverage since 2013. MEL teamed up with the Bloustein Local Government Research Center at Rutgers University to develop a list of minimum technology proficiency standards for its members. Their  “NJ MEL Cyber Risk Management Program” report outlines standards and compliance guidelines along with sample plans for action and protection. The content in this report is extremely helpful to learn more about cybersecurity and to look for guidance to further the goals and initiatives of your organizations.

The professional IT staff at Edmunds GovTech works with many customers on their IT initiatives by providing business-class Managed IT Services that ensure local governments meet or exceed recommended standards like those defined by MEL.

Here are four suggestions from our staff for you to consider as you aim to up your cybersecurity game:

1)  Conduct an Annual Cybersecurity Risk Assessment

It is highly recommended to schedule an annual review of your IT infrastructure that includes a health check-up and risk assessment of all PC’s, servers, and devices on the domain. An annual assessment will flag any network vulnerabilities that might arise as technology advances. Having a third party or managed IT service provider like Edmunds GovTech will alleviate the burden of evaluating your own IT infrastructure. This extensive process includes tasks such as patch management, IT asset inventory, warranty expiration, license metering, and budgeting for aging hardware that needs to be replaced.

2)  Protect and Monitor Your Systems

Cybersecurity protection and surveillance is something that needs to occur on a continuous basis. Protection begins with your firewall, which sits between your network and the internet. Firewalls actively filter content, secure ports, and monitor traffic. It also secures your wireless networks and Virtual Private Networks (VPN) that are used to access your local network securely from remote locations. Having a robust firewall box and an IT professional to configure it is critical to protect your sensitive citizen and government data from significant threats. The act of protecting and monitoring also extends itself to your desktop PC’s, laptops, and mobile devices. Anti-virus, anti-malware, and anti-ransomware agents are used to monitor and stop threats that may appear on your local devices. Remote management and monitoring tools like these alert IT professionals of incidents that need attention, such as device and backup failure or worse, an attack.

3) Create a Backup Plan

Does your backup solution minimize your system’s recovery time when you need it the most? The days of manually changing and backing up tapes are gone. There are plenty of stories about failed backups with bad tapes and data loss. Today’s modern backup solutions are known as Business Continuity & Disaster Recovery Solutions (BCDR). These services include automated backups that store data in multiple cloud locations. Data is encrypted both in transit and in the hosted environment. Most importantly though, your backups are scanned for viruses and ransomware before they are verified for a potential restore. Versioning, or backups that occur when your data has changed, is also a key feature. This allows you to selectively make backups and take snapshots of your data up to every hour. These snapshots are stored securely should they be needed for future reference. This automated process also significantly reduces your downtime when facing an attack or disaster. Ultimately, this process will allow your IT professional to get you back up and running within an hour, compared to days or weeks. If your server does fail, cloud virtualization allows you to run your entire server securely from the cloud, while your IT team works to replace the damaged device. This feature keeps your operations going while you recover.

4) Continue Learning and Practicing Cyber Awareness

The human factor is one of the biggest risk factors that needs to be addressed in today’s cyber landscape. This can be addressed by creating strong organizational policies and training practices around password creation, email use, recognition of security incidents, malware identification, and social engineering. It is recommended that your staff receive a minimum of one-hour cyber awareness training each year to reduce your risk.

All-in-all, cybercrime is a very lucrative business and it will continue to grow. While no one can prevent 100% of attacks 100% of the time, it is important to take preventative action to mitigate these events when they do occur. Consider joining Edmunds GovTech and utilizing our Managed IT Services to strengthen your cybersecurity presence and build a more resilient organization for the future.

If you are interested in learning more about how Edmunds GovTech can assist in safeguarding your local government with Managed IT Services, contact us to schedule your on-site cybersecurity risk assessment.