In my previous IT blog post, Benefits of Utilizing a Managed IT Service Provider, I reviewed the different types of Managed IT Services, which have become a popular addition to our suite of product and service offerings. Managed IT Services offer many benefits over the traditional break/fix model and continue to be a growing priority for municipal governments.

As you consider your Managed IT options, it’s important to familiarize yourself with key industry terms that may arise or need to be addressed throughout the process.

A cyber assessment is an audit that is performed on the infrastructure and technology within your existing network and municipality. This technology audit includes an inventory of servers, workstations, software, departments, users, policies, and processes that may be at risk. After the assessment is completed, risks are highlighted and ranked by severity in a follow-up report. To learn more about a cyber assessment and how it can benefit your local government, click here.

A cyber assessment will uncover cybersecurity risks. Cybersecurity protects computer systems and networks from theft or damage to their hardware, software, or data without disrupting service. Other key security risks are mobile devices and tablets, as these have been used more recently within local governments and have played a major role in the rise of threats.

Threat mitigation is a crucial and a proactive approach that every municipality needs to remain secure. Proactive measures should be taken to protect systems and networks, such as implementing anti-virus, anti-malware, business class firewalls, content filtering, and remote monitoring and management. These cybersecurity tools work together to further safeguard data.

The ability to continue critical business functions and operations after the occurrence of a disaster or threat is known as business continuity. You should be armed with an action plan in the event of a system disaster. Disasters include power outages, vandalism, and human error. Human instigated disasters are usually the most frequent and disruptive, and they are often inadvertently initiated.

Business Continuity and Disaster Recovery, or BCDR, is a set plan of processes that is used to help an organization recover from a disaster and resume operations. It interlinks many IT roles and functions to get the system, hardware, and software back up and running with minimal downtime.

Malware, or malicious software, is designed to cause damage to a computer, server, client, or computer network. A wide variety of malware types exist, including viruses, worms, trojan horses, ransomware, spyware, and adware. Ransomware is a type of malware that threatens to publish the victim’s data or block access to it by demanding a ransom payment. It works by encrypting files to make them inaccessible and will decrypt them once payment is received. A virus is a type of computer program that, when executed, replicates itself by infecting other computer programs and the device as a whole.

Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords, and credit card details by disguising itself as a trustworthy entity in an electronic communication. This typically occurs by emailing, instant messaging, and text messaging. Phishing often directs users to enter personal information via a fake website, which is camouflaged to look like a legitimate and trusted site. Due to the prevalence and deviousness of phishing, training events and educational seminars are becoming more popular for municipal employees, so that they are trained to identify these types of attempts. Human error and lack of awareness are key contributors to a cybersecurity risk.

A data breach is a security violation in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. Most data breaches involve vulnerable unstructured data such as files, documents, and sensitive information, which is why it is important to utilize a threat mitigation strategy.

Cloud computing represents the data storage of online programs and services that you interact with on your device or computer. This data is stored externally on the internet, which is referred to as “the cloud.” Examples of popular cloud computing are programs such as Google Docs, Facebook, and Gmail. Cloud computing has increased demand for Software as a Service, or SaaS. SaaS is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted and delivered via the cloud. SaaS services are also known as web-based applications, on-demand software, or hosted software.

Due to the rise in cybercrimes and increased use of the cloud, it’s important now more than ever to protect your data. Multi-factor authentication, or MFA; encompassing two-factor authentication, or 2FA, is an electronic authentication method in which a computer user is granted access to a website or application only after successfully verifying two or more pieces of information that authenticate the user’s legitimacy. A user may be asked to verify personal information, a security question, a code that has been sent to them, or something else that only the user would know. MFA prevents an unknown party from trying to access your data, such as personal ID details or financial assets. A third-party authenticator, or TPA, is an application that enables two-factor authentication, usually by displaying a randomly generated code for authentication. It’s likely you have seen these when accessing your online bank accounts or other cloud hosted systems.

It is also important to setup firewalls, or systems designed to protect and secure a computer network from external security risks. Both commercial web services and your home Wi-Fi network will need protection from cyber risks. Firewalls monitor inbound and outbound network traffic and determine whether to allow the traffic through based on a user-defined set of security standards. Allowing users to access your network over a Virtual Private Network, or VPN, will establish a secure connection over the internet.

As a reminder, make sure your systems are up to date. Patch management is the process of managing a network of computers by regularly performing patch updates to account for the latest releases. A software patch is code specific to fixing a bug or adding additional functionalities or enhancements, so it is important to have the latest version for added security.

Finally, many municipalities are making the switch to Voice over IP (internet protocol), also known as VoIP. This is a phone data management system that uses your internet service provider’s bandwidth for phone data. It is reliable, does not rely on a physical phone line, and makes the transition to remote work easier to manage.

If you are interested in learning about how Edmunds GovTech can assist you in safeguarding your local government with Managed IT Services, contact us to schedule your free cyber assessment.