My city needs to update its cybersecurity practices: Where do I begin?
Joe Penney is the senior manager of managed security at VC3, where he ensures the alignment of cybersecurity measures with industry standards and champions continuous improvements to help VC3 clients remain safe and secure. Contact VC3 at www.vc3.com/get-started.
“Where do I begin with cybersecurity?”
It’s one of the most common questions we get from cities.
You know cybersecurity is important. You hear about ransomware, viruses, and cyberattacks nearly every day. And you sense that your current cybersecurity defenses may not protect you if the worst happens. Yet, you keep putting off improving your cybersecurity. Often, it’s difficult to know where you should begin.
That’s where the League of California Cities’ cybersecurity and technology services powered by VC3 come in. We’ve distilled our tips, best practices, and recommendations into a checklist that cities can use to respond to cybersecurity threats and gaps facing local governments.
Protect
How well does your city proactively identify weaknesses in its cyber infrastructure and alert leaders to security-related issues?
- Employee policies and training: Periodic training helps employees detect and avoid common cyber threats.
- Multifactor Authentication: MFA lessens the risks associated with weak passwords, social engineering, and phishing attacks by requiring an extra identity confirmation before users can access sensitive systems.
- Antispam/email filtering: Basic antispam and email filtering tools prevent many potential phishing emails (fraudulent messages designed to trick recipients into revealing sensitive information or clicking on a malicious link or attachment) from reaching your employees’ inboxes.
- Data loss prevention: Is someone monitoring for unauthorized or suspicious access to your city’s data?
- Software patching: Do you regularly update software with security patches?
- Intrusion prevention: These tools detect and automatically prevent attacks related to specific vulnerabilities.
- Change control policies and procedures: These procedures include logging and understanding the repercussions of all changes made to security equipment and applications.
- Mobile device strategy: A well-defined mobile device strategy may involve issuing work-only devices to employees or providing secure access to sensitive and confidential data if they are using a personal device.
- Web content filtering: Does your city have special tools that proactively block employees from accessing malicious or risky websites?
Detect
Does your city have the capability to detect if a cyberattacker breaches your systems or exploits vulnerabilities to prepare for an attack?
- Security scanning: Do you regularly scan software systems to help identify and fix vulnerabilities?
- Dark web monitoring: These tools provide real-time alerts when information from your municipality (such as passwords) is found on the dark web — a hidden part of the internet mostly populated with illicit and illegal websites — so leaders can take proactive action against identity theft, blackmail, and more.
- Intrusion detection services: Does your city have tools to watch for suspicious network traffic, such as unusual logins and unexpected application usage?
- Managed Detection and Response: Does your city have tools that look for security threats across the entire IT environment?
- Endpoint Detection and Response: What tools are in place to detect suspicious behavior and potential cyberattacks on endpoint devices like servers, desktops, and laptops before cyberattackers strike?
- Security Information and Event Management: Are all these systems talking to each other? Can your city identify the most important and critical security alerts received from different systems, collect log files from different sources, and identify anomalies, such as a user logging in from another country?
Respond and Recover
How quickly can your city minimize damage and restore operations after a cyber incident?
- Data backup and disaster recovery: Does your city back up data both onsite and offsite? Do you routinely test your data backups?
- Offsite log retention: Logs are used for evidence related to cyber incidents. This data is needed to analyze the full nature of a cyberattack, deduce the source of the attack, and remediate it effectively.
- Incident response planning: Does your city have a plan detailing how you respond to a cyberattack? This plan will help you react to an incident quickly, effectively, and with “muscle memory.”
- Cyber liability insurance: While cyber liability insurance can’t prevent an attack, it can help cities absorb the financial costs of recovery. Improving your city’s security foundation will help lower cyber liability insurance premiums.
Implementing everything on this cyber checklist won’t make you bulletproof when a cyber emergency happens. However, a combination of strategy and tactics — preventing threats before they happen, identifying threats as they occur, and quickly containing threats after an incident — will put you in a great spot by decreasing the likelihood of a cyber catastrophe devastating your city.
As a managed IT and cybersecurity services provider serving municipalities throughout North America, VC3 can help. The League of California Cities partners with VC3 to deliver cybersecurity and technology services to cities in California that help protect local governments against cyber threats. To learn more, visit Cal Cities’ cybersecurity solutions page. For additional information, please email citysolutions@calcities.org or contact VC3 at info@vc3.com.