A three-step plan for a citizen-first cybersecurity strategy in cities and counties
Cyberattacks against states and municipalities have increased significantly in the last year, with school districts, city halls and police departments among the most vulnerable. Ransomware attacks in particular are on the rise. In 2020, more than 2,000 public sector organizations—including municipalities—were targeted in these attacks.
These incidents highlight how local governments can become an easy target for cybercriminals. Often hampered by tight budgets, aging IT systems and small IT departments, protecting the endless amount of citizen data they’re entrusted with is getting harder and harder.
To achieve and maintain a strong security posture, state and local leaders must change how they think about cybersecurity. Instead of a technology-first approach, these organizations must start with a proactive defense strategy based on a citizen-first mindset.
Here are three considerations state and local government officials should consider in their security planning:
1. Protecting the public
To secure and protect public data, cities and counties must first identify the most critical data and assets in their digital environment. Though most organizations have a plan to maintain and protect servers and critical endpoints, the next step is determining the key components within them, including applications, data stores, systems, and even employees. Why? Because if an employee who has access to sensitive data is targeted with a phishing campaign—where threat actors send emails containing a malicious attachment or direct the recipient to a website containing ransomware—the entire data set could be compromised.
To read the complete article, visit American City & County.