Protecting Municipal Data: Security Tips for City Officials

The FBI reported that cyber attacks against government facilities saw an increase of almost 36 percent in 2023. While cyber criminals continually develop more sophisticated tools, local governments lag far behind in protecting municipal data. The trifecta of legacy systems, limited resources, and lack of security expertise makes municipalities a tantalizing, vulnerable target.

Consider a few examples from 2023. First, dispatchers in Bucks County, Pennsylvania lost their computer-aided dispatch systems for nine days, forcing dispatchers to resort to pen and paper. Likewise, ransomware attacks in Georgia and Missouri delayed vehicle registrations, marriage licenses, and tax payments.

Municipal agencies across the country report similar incidents that compromise sensitive data, disrupt critical operations, and damage public trust. City officials cannot afford to ignore the threat. The following security tips will help them protect their digital infrastructure and safeguard citizen information.

1. Elevate Cyber Security Awareness: Step One in Protecting Municipal Data

Study after study shows that human error contributes to the majority of successful cyber attacks. For instance, employees use weak passwords, reuse passwords, or share them with their coworkers. They also click malicious links and fail to apply security patches. And nearly half of workers in the US trust public wi-fi. In short, they leave doors wide open for attackers.

To counter this problem, municipalities must upgrade their cyber security awareness training. For comparatively little cost, agencies can potentially reduce successful phishing attacks and malware infections by as much as 90 percent. Regular training sessions, targeted to specific user groups, will prove effective, particularly when combined with phishing simulations.

2. Implement Strong Access Controls

Access control involves managing who can access data and resources and under what conditions. This includes authentication, the process of verifying the user’s identity. It also includes controlling the resources users and processes can access and the level of access granted.

For optimal security, municipalities should implement the principle of least privilege. This means limiting user access to only the resources and data they need to do their jobs. Permissions can be tied to clearance levels, the user’s role within the organization, the time and location of the access request, and so forth.

At the very least, organizations should implement strong password policies and enable multi-factor authentication (MFA). They should also regularly review access rights to address issues with unused or excessive permissions.

3. Patch and Update Systems Regularly

Security patches for software and firmware play a significant role in protecting municipal data. Cyber criminals actively seek for vulnerabilities to exploit. All too often, they will successfully exploit a vulnerability for which the software vendor has already supplied a patch. But if agencies and individuals fail to apply patches regularly, they leave their system exposed.

For example, in 2017, the WannaCry ransomware attack impacted more than 200,000 devices in 150 countries. Attackers exploited a known vulnerability in Microsoft Windows. And even though Microsoft had supplied a patch two months before the attack, thousands of organizations had not applied it.

4. Review and Strengthen Backup and Recovery Strategies

While backups will not prevent a cyber attack, following a solid backup strategy can significantly limit data loss. Backups also empower organizations to navigate cyber attacks more successfully.

An effective strategy will include regular, automated backups of all systems and endpoints. Make multiple copies of essential data, storing them in separate locations. Then periodically test both the backups and the restore process to ensure that backups are clean and the process works.

5. Continually Monitor Networks and Systems

Network monitoring tools can detect unusual or suspicious activity long before end users would notice issues, allowing for prompt response. For instance, a tool like eCare Secure Route constantly monitors networks and devices. In addition to blocking malware, it also detects and contains attacks before damage occurs.

Stack the Deck with Municipal Security Experts

The cyber security experts at eMazzanti Technologies provide custom IT solutions for local governments. We understand the pressures you face, from limited personnel to tight budgets, and we will tailor a solution to meet your needs.