Nine Cybersecurity Best Practices for Local Governments
Cybersecurity has become a critical focus for municipalities and county governments. Here are nine suggestions for improving their network security posture.
In its 2024 Cyber Threat Report, SonicWall found an alarming rise in malicious intrusion attempts and malware attacks, underscoring the heightened vulnerability of local governments. A common predicament compounds this situation: Many municipalities are under-resourced, struggling to equip their teams with the necessary staff, training, education and technology to counter these diverse and sophisticated threats effectively.
As local governments navigate the complex cybersecurity landscape, it’s crucial to lay a strong foundation. This blog outlines nine best practices local governments should implement to enhance their cybersecurity measures. With careful planning, thorough diligence and innovative strategies, these recommendations provide a roadmap for building robust protection against cyber threats.
1. Have a Plan
It’s critically important to have a plan encompassing the basic, foundational and organizational controls to protect, detect and respond to cyber incidents. Organizations like the Cybersecurity and Infrastructure Security Agency (CISA) offer resources for state, local, tribal and territorial governments that include more best practices, along with case studies to help government IT teams recognize and address cybersecurity risks.
2. Leverage the Resources of the NIST
The National Institute of Standards and Technology (NIST) offers invaluable resources for managing cybersecurity risks. The NIST’s cybersecurity framework is based on five pillars — identify, protect, detect, respond and recover — and is accompanied by online modules, examples, FAQs and more, all available for free.
3. Get Insurance
A robust risk mitigation policy includes the understanding that cyber liability insurance is increasingly essential. Policies covering privacy liability, network interruption, and errors and omissions provide financial safeguards and peace of mind during a data breach. But do your homework— the requirements and costs of these policies continue to snowball.
4. Thoroughly Assess Your Processes
Commit to periodically evaluating your organization’s cybersecurity posture and training efforts. Initiating your cybersecurity journey requires a thorough review. This assessment helps uncover critical gaps and provides a baseline for future progress monitoring.
Expensive external evaluations aren’t always necessary: Free resources such as the Department of Homeland Security’s Infrastructure Survey Tool and Cyber Resilience Review offer valuable insights and can help you identify and document the cyber resilience of a facility. The CISA Cybersecurity Evaluation Tool (CSET) is a user-friendly desktop application that can help you assess the security posture of your cyber systems and networks.
5. Stick to the Basics
Simple, tried-and-true measures can significantly fortify your defenses. Regular software updates — preferably automated — are fundamental, and having secure backups of sensitive digital and physical files is crucial. Follow cybersecurity leaders when it comes to best practices for password protection. Set a firm cybersecurity policy for all organization members (from leadership to staff) to ensure that all personnel follow policy and that their connected devices comply with standard security methods like data encryption and multi-factor authentication (MFA).
6. Train, Retrain and Train Some More
In the report “Cost of a Data Breach,” the Ponemon Institute highlights human error as a leading cause of network security breaches. Periodic comprehensive staff training in cybersecurity is non-negotiable, ensuring every organization member can identify, mitigate and respond effectively to threats. It’s critical to tell them, tell them again, and then tell them what you told them. Adopt a mindset that cybersecurity is everyone’s business.
7. Offer Internships
The cybersecurity skills gap continues to be a concern — specifically, expertise in cloud computing, zero trust and AI/machine learning. States and municipalities have a unique collaboration opportunity with local colleges, universities and nonprofits that can offset the financial burden of enhancing cybersecurity infrastructure. For instance, contact a local college or university for young talent who want real-world experience outside the classroom. Here’s your opportunity to build partnerships that can yield technical assistance and build relationships in the community, while also nurturing future industry talent.
8. Keep Up
Cybersecurity is not a one-and-done issue. It’s constantly evolving based on factors ranging from law enforcement activity to technological advancements. Hackers now work in semi-corporate environments with access to shared (and often paid) services to extend their reach.
As we build out AI for its societal benefits, cybercriminals are implementing AI to drive breach activity. To help you stay informed, pick a handful of government resources, journals and bloggers like SonicWall’s network security experts to help you keep up to date in this rapidly moving threat environment.
9. Outsource SecOps
Outsourcing is an option for your high-level cybersecurity operations and deployments. A recent survey by the ICMA (International City/County Management Association) on the state of cybersecurity in municipalities in the United States found that more than half (about 50.9%) of local governments are now outsourcing many cybersecurity operations.
Why outsource? Nurturing and maintaining in-house specialized skills is complex and can be cost prohibitive. SonicWall’s partner network encompasses hundreds of professionally trained Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) that can assist in developing and rolling out a comprehensive cybersecurity solution. Contact SonicWall’s local government team for assistance in selecting one for your organization.
Next Steps for Cybersecurity
In the dynamic world of cyber threats, local governments must remain vigilant and adaptable. By embracing these best practices and staying abreast of new developments, you can build a robust defense against a spectrum of cyber threats. Enhancing cybersecurity can be daunting — especially for resource-strapped municipalities — but local governments can improve cybersecurity by being proactive, educated and resourceful. This proactive approach is not just about safeguarding data and infrastructure; it’s about protecting the trust and well-being of the communities we serve.
We can tailor a solution for almost any government use case. Contact us to learn more.
