By Roxy Barboza

October is Cybersecurity Awareness Month. During this annual observation, government and private industry partners work together to raise awareness about digital security. Their primary objective is to empower everyone to protect their personal data. 

Local governments store considerable amounts of sensitive information, especially personally identifiable information such as names, addresses, driver’s license numbers, and more. Considering that this information is so valuable to hackers, local leaders should be proactive and vigilant about securing the networks where this kind of data is stored. 

A recent survey indicates that more than half of the 14 largest local governments are victims of consistent cybersecurity attacks. More than a quarter of those localities said their systems are targeted hourly, and 14.3% of those municipalities indicated that they are attacked on a daily basis. Limited local resources might make it difficult for local leaders to increase investment in cybersecurity, but there are resources that local governments and their communities can use to  learn more, build their own cybersecurity playbook, and receive up-to-date cybersecurity training.  

Next Century Cities was named a 2022 Cybersecurity Awareness Month champion for being dedicated to promoting a safer, more secure and trustworthyInternet. Member municipalities should consider the following resources as a first step to securing residents’ data:

• Cybersecurity and Infrastructure Security Agency Cyber Essentials Toolkits | A set of modules designed to break down the CISA Cyber Essentials into bite-sized actions for IT and C-suite leadership to work toward full implementation of each Cyber Essential. Each chapter focuses on recommended actions to build cyber readiness into the six interrelated aspects of an organizational culture of cyber readiness:
  • Chapter 1: Yourself, The Leader – Drive Cybersecurity Strategy, Investment, and Culture
  • Chapter 2: Your Staff – Develop Security Awareness and Vigilance
  • Chapter 3: Your Systems – Protect Critical Assets and Applications
  • Chapter 4: Your Surroundings – The Digital Workplace
  • Chapter 5: Your Data – Make Backups and Avoid the Loss of Information Critical to Operations
  • Chapter 6: Your Crisis Response – Limit Damage and Quicken Restoration of Normal Operations

• CISA StopRansomware | Local officials will find information about the critical steps that should be taken to respond to and recover from a cyberattack. It includes a Ransomware Guide and Cyber Hygiene services that are available at no cost to help organizations with vulnerability scanning, web application scanning, penetration testing, and phishing assessments.

• Federal Communications Commission Cyberplanner | The FCC created an online resource to help organizations create customized cybersecurity plans. Organizations can use this tool to create and save a custom cybersecurity plan, choosing from a menu of expert advice to address their specific business needs and concerns.

• Center for Internet Security Multi-State Information Sharing and Analysis Center (MS-ISAC) | Municipal Research and Services Center (MRSC) is a nonprofit organization that helps local governments across Washington State. It created a resource for state, local, and tribal government information sharing, early warnings and alerts, mitigation strategies, training, and exercises that is a template for other states.