Cybersecurity Checklist for Municipalities: Where to Begin?

“Where do I begin with cybersecurity?”

It’s one of the most common questions we get from municipalities.

You know cybersecurity is important. You hear about ransomware, viruses, and cyberattacks nearly every day. And, you sense that your current cybersecurity defenses may not defend you in case the worst happens. Yet, you keep putting off improving your cybersecurity. Why? Often, it's difficult to know where you should begin. 

As a way to start building a plan, we’ve distilled our tips, best practices, and recommendations into a checklist that cities and towns can use to score themselves, find cybersecurity gaps, and create an action plan.

Rank each item below on a scale of 1-5, with 1 being "worst" and 5 being "best". If you aren't sure how your organization ranks for a particular item, just identify it as a "zero." Then, use the list to identify and begin working on the lowest-rated and "zero" scoring items for your organization. 

Protect

This section is designed to allow you to evaluate how well you proactively identify weaknesses in your IT infrastructure and alert your organization to security-related issues. 

1. Employee policies and training: Periodic training helps teach employees how to detect and avoid common cyber threats. 

2. Multi-Factor Authentication (MFA): MFA is the process of verifying your identity more than once when accessing a system. It helps lessen risks associated with weak passwords, social engineering, and phishing attacks because it requires an extra identity confirmation before letting someone gain access to your systems. 

3. Antispam/ email filtering: Basic antispam and email filtering tools prevent many potential phishing email messages from reaching your employees' inboxes. 
4. Data loss prevention: Are you monitoring for unauthorized or suspicious access to your data?

5. Software patching: Do you regularly apply patches to your software?

6. Intrusion prevention: These tools work with your firewall to detect and automatically prevent attacks related to specific vulnerabilities. 

7. Change control policies and procedures: These procedures include logging and understanding the repercussions of all changes made to your security equipment and applications.

8. Mobile strategy: A well-defined mobile strategy may involve issuing work-only devices to employees or providing secure access to sensitive and confidential data if they are using a personal device.

9. Web content filtering: Do you have special tools in place that proactively block employees from accessing malicious or risky websites?

Detect

1. Security scanning: Are you conducting regular security scans of your systems to help identify vulnerabilities that you can then fix?

2. Dark web monitoring: These tools provide real-time alerts when information from your organization (such as administrative passwords) is found on the dark web so you can take proactive action against identity theft, blackmail, and more.

3. Intrusion detection services: Do you have a tool in place to watch for suspicious network traffic? 

4. Managed Detection and Response (MDR): What tools do you have in place that are looking for security threats across your entire IT environment? 

5. Endpoint Detection and Response (EDR): What tools do you have in place to detect suspicious behavior and potential cyberattacks on endpoint devices like servers, desktops, and laptops before cyberattackers can strike? 

6. Security Information and Event Management (SIEM): SIEM software and tools identify the most important and critical security alerts received from different systems, collect log files from different sources (servers, firewalls, VPN, email, cloud services, EDR, etc.), and identifies anomalies (such as a user logging in from another country). 

Respond and Recover

1. Data backup and disaster recovery: Do you back up your data both onsite and offsite? Do you test your data backup routinely? 

2. Offsite log retention: Logs are used for evidence related to cyber incidents. Without this data, you will be unable to analyze the full nature of a cyberattack, deduce the source of the attack, and remediate effectively.

3. Incident response planning: Have you developed a plan detailing how you respond to a cyberattack? This plan will help you react to an incident quickly, effectively, and with "muscle memory." 

4. Cyber liability insurance: While cyber liability insurance can't prevent an attack, it is there to help you recover financially from the costs of recovery. Improving your security foundation will help you lower cyber liability insurance premiums. 

VC3 partners with over 1,100 municipalities across the United States and Canada to improve their IT and reduce their cybersecurity risks. If you have questions or concerns about your self assessment score, now is the perfect time to talk with a strategic technology partner about your cybersecurity plan. A strategic technology partner can work with you to ensure that you have the right tools in place to protect your organization from the severe consequences of a cyberattack.

At VC3, our security experts are trained to work with you to assess your cybersecurity risks, outline what you need to secure your IT assets, and help you build a budget and roadmap to get you there.

Contact us today to schedule a free cybersecurity consultation.