Cyber Defense: Local Governments Weigh In

As technology continues to advance, cyberattacks are also on the rise. If you don’t have appropriate security measures in place, these attacks and breaches can be detrimental to your organization. Local governments are particularly at risk and face many different types of cyberthreats that continue to evolve.

What are some of these threats local governments face? What can be done to meet these specific cybersecurity challenges? How can you strengthen your overall cybersecurity posture? To answer these questions, Tyler Technologies hosted an Enterprise ERP webinar on cybersecurity in early October that featured two local government leaders as panel participants. Panelists included Susie Daily, chief information officer at the city of Delaware, Ohio, and Monte Watembach, director of information technology of Minnehaha County in South Dakota.

What Are Common Cybersecurity Threats Facing Local Government?

When it comes to cyberattacks, local governments face a heightened threat as attacks increase with resource-constrained operations. Preventing attacks from striking or quickly minimizing the spread of an attack remains a critical priority for local governments of all sizes.

As the director of IT operations, Watembach says, “From my perspective, social engineering and ransomware are probably the two "most common threats we face", and I think with time, the attacks will become more persistent and advanced.”

Daily says, "Network infrastructure from a firewall perspective is a common threat. It’s important to implement things like virus software, intrusion detection systems, and even physical network security to make sure our physical space and equipment is protected.” Both Watembach and Daily agree that protecting personal data and confidential information is paramount. It is a priority to adopt technology and solutions that provide this protection and eradicate cyberthreats before they turn into breaches.

What Can Be Done to Meet These Cybersecurity Challenges?

Before solutions or systems are put in place, it’s important for leaders to educate their employees about cybersecurity so they better understand technology risks and learn how to protect themselves from threats. Watembach says, “During a cybersecurity assessment, it was identified that we had county employees who were storing passwords in spreadsheets and text documents. We reached out and made sure they knew about the importance of password security.”

Watembach and his team then ended up turning to Tyler’s cybersecurity solutions to take advantage of various tools for secure password storage. One of these methods included mandatory password changes every few months. Daily also agreed that password security was something that needed to be addressed. In addition to routine password changes, Daily incorporated a new method. “We added the two-factor authentication process,” she said. “This was challenging since some people didn’t want to use their personal cell phones at first. It took some getting used to for most, but eventually became a routine process.”

How Can You Strengthen Your Cybersecurity Posture?

Cyberattacks can quickly corrupt an organization’s data, records, and overall reputation. It’s important to stay ahead of potential threats and put solutions in place that safeguard your organization and community. Once software is put in place, it becomes key to dive deep into the features and take advantage of everything the technology offers.

Watembach says, “It’s important to reevaluate the settings and configurations for all the tools you use. Whether it’s endpoint protection or firewall, there are a lot of settings that you should really spend more time with. Make sure you’re maximizing all capabilities.”

Another way to strengthen cybersecurity posture is to ensure everyone is appropriately educated. “Create baselines of cyber awareness with your users in terms of training,” says Daily. “Get a standard to follow that walks you through the different risk assessments, explains how to mitigate risks, and lets you know how to address an issue or attack if something happens. Once you adopt a set of standards like this, it serves as a valuable resource that helps you build that security posture.”

Watembach and Daily believe that these best practices should be exercised outside of work, as well, for their users to stay safe. “We want to let people know we value them as individuals and want what’s best for them,” says Daily.