Obviously, private businesses must secure information for many reasons: establishing trust for customers, protecting against lawsuits, and following regulations. And, with some exceptions (such as Equifax), businesses usually operate with information that customers have agreed to hand over.
Cities operate quite differently. They are part of the fabric of our country. And citizens are required to interact with cities if they want to live somewhere.
That means you are given sensitive and confidential information to protect. Yet, cities still fail to protect electronic information appropriately—leaving that information open to hackers, risking stolen information, and increasing the chance of permanent data loss.
Let’s take a tour through a typical city’s information and analyze why it’s so important to protect.
The records you must retain for specific periods of time vary depending on the information. Employee accident reports will differ from visitor logs. Business licenses will differ from meeting minutes. Plus, different city records will vary in confidentiality and sensitivity, leading to different processes related to releasing those records in case of Open Records Requests.
While a city can often retain and eventually find records if sought, instances of chaos occur when records are hard to find or remain paper-based. Best practices for securing city records include:
At the most foundational level, these security tips will help you protect city records along with other specialized information.
Your city’s financial information includes all operational finances, tax information, and online payment information. Over the past few years, we’ve seen cities relentlessly targeted for their financial information—with hackers seeking to take over bank accounts, steal money, and sell financial data on the black market. Preventing threats to your financial data requires information security strategies such as:
There’s a reason why city council meetings keep personnel discussions confidential. Many extremely sensitive details are included with personnel information such as personal history, background checks, tests (such as drug tests), healthcare, and work performance. Similar to points made above, you need to protect that information with special care. Information security is especially important here because you are legally required to protect personnel details.
PII includes information such as a person’s name, physical address, email address, race, sex, date of birth, social security number, driver's license number, and other personal details. This recorded information, in paper or digital form, is used by individuals to identify themselves when conducting transactions with entities.
Not protecting this information leaves it open for theft by hackers, and this information is used and sold to commit identity theft. There is risk and liability in maintaining PII, so confirm if you need to keep it and securely purge what PII you don’t need to keep. To protect the PII you do keep:
Public safety departments need to keep information secure with modernized technology, up-to-date software (that receives regular security patches), and proactive monitoring and alerting of your technology systems for issues. Otherwise, your lack of information security risks exposing sensitive case and investigation data to a hacking incident that may lead to severe financial, legal, and operational repercussions.
As stewards of important citizen and city business information, cities need to treat electronic information just as they would treat valuables locked up in a vault or locking the doors of buildings. How secure is your information? If you have concerns, reach out to us today.
Original Date: 7/10/2019