Cyberattacks are a growing threat in both the private and public sector, yet local governments possibly stand to lose more than their private sector counterparts: The trust of their constituents and voters. According to the 2017 Accenture report, The Cost of Cyber Crime, the number of cyberattacks against government agencies is increasing, with public sector organizations experiencing 53 such attacks on average per week during 2017. With local government IT teams lacking critical knowledge in the area of cybersecurity, they make their civic and citizen data further vulnerable to hackers and cyber extortionists with the skills needed to target the systems of the highest-risk communities.
This October, you owe it to your taxpayers to do more than simply acknowledge Cybersecurity Month. Commit to investing in the resources, partners, and training you need to keep your civic and citizen data safe. A successful Cybersecurity Month strategy will require a two-pronged approach: Addressing your cybersecurity skill gap and planning a strategic outsourced alliance with a trusted security solution provider.
The Cybersecurity Skill Gap
With technology evolving at an unprecedented rate, IT directors in the public sector are feeling the pressure to ensure not only that they remain informed of the latest tools and trends, but that their entire teams are equally knowledgeable. With budget constraints always at the forefront of concerns for cost-conscious IT directors, it may not always be fiscally feasible to routinely outsource training and education for every member of your team. Instead, prioritizing techniques must be implemented to raise the level of technical skill and competency in the most knowledge-deprived areas with the potential to make the most critical impact on infrastructure and civic data. For this reason, local government IT teams are realizing—and working to address—a critical skill gap in the area of cybersecurity.
Addressing the Skill Gap
Do not wait for another budget or strategic planning cycle to begin enabling staff to obtain the in-depth training they need to learn about such critical cybersecurity components as network infrastructure, SSL, cloud computing applications, security analysis and investigation, application security, attack vectors, and attack schemes such as distributed denial of service (DDoS) attacks.
Rely on guidance established under The Federal Cybersecurity Workforce Assessment Act to determine the vastness of your staff’s knowledge gap and prioritize instructional areas. When established, the goal of The Federal Cybersecurity Workforce Assessment Act was to align the strategic management of the Federal cybersecurity workforce with the national standard set in the National Initiative for Cybersecurity Education (NICE) Workforce Framework. By following the Cybersecurity Workforce assessment procedures, at the conclusion of your analysis, you should have identified your IT department’s greatest skill shortages, have analyzed the cause of those shortages and provided measurable action plans to address them initially and on an ongoing basis.
Next, commit to comprehensive internal staff training. Assess the risks your systems face from outdated infrastructure and manual processes. Use your training efforts as an opportunity to document and formalize all cybersecurity protocol for your community. Also, cultivate a culture that prioritizes cybersecurity. From new hires to tenured staff, communicate clearly to every member of your team that cybersecurity is a critical priority of your IT department, and that it plays a vital role in your administrative public service efforts. Doing so will encourage staff to seek out additional knowledge sources and educational opportunities to supplement provided training.
Rely on a Trusted Outsourced Partner
In tandem with internal training, local governments should consider outsourcing their hosting and security efforts to minimize the footprint of a potential cyber threat. Local governments that host their data repositories and digital systems risk exposing their infrastructure to an attack vector and footprint that makes too much data vulnerable to exposure. As an alternative approach to safeguarding data, local governments that choose to outsource their website design and hosting are better protected, experience less strain on staff, and can refocus their hiring strategy so as not to require dedicated funding to a single cybersecurity internal resource.
The Benefits of External Security Hosting
Local governments that outsource their hosting to a trusted partner benefit from:
- The convenience of trusting that a critical data management component is being serviced and monitored by experts.
- The ability to focus more time and attention on IT matters that require the attention and strategy of directors and other key personnel, such as leading digital transformation initiatives.
- Integrated service offerings such as website design and development and a single source for support.
What to Look for in a Third-Party, Website Host
When choosing a partner to host your valuable civic and citizen data, keep the following requirements in mind:
- A highly reliable data center in a highly secure facility
- Managed network infrastructure
- On-site power backup and generators
- Multiple telecom/network providers
- A fully redundant network
- 24/7 system monitoring
- Automated software updates
- Service management and monitoring
- Multi-tiered software architecture
- Regular service software and database server updates and security patches
- Anti-virus management and updates
- Redundant firewall solutions
- A disaster recovery plan that includes emergency 24/7 support
- A defined DDoS mitigation attack process and continuous DDoS mitigation coverage
Remember, a cybersecurity skill gap or unsecure hosting strategy will put your citizen and civic data at risk. This October, ensure you are taking all possible steps to enable quality skill advancement and digital community security by formulating your community cybersecurity upskill and outsourcing plan today.
This content is made possible by our sponsors; it is not written by and does not necessarily reflect the views of e.Republic’s editorial staff.