Cybersecurity Checklist for Municipalities: Where to Begin?

“Where do I begin with cybersecurity?”

It’s one of the most common questions we get from municipalities.

You know cybersecurity is important. You hear about ransomware, viruses, and cyberattacks nearly every day. And, you sense that your current cybersecurity defenses may not defend you in case the worst happens. Yet, you keep putting off improving your cybersecurity. Why? Often, it's difficult to know where you should begin. 

As a way to start building a plan, we’ve distilled our tips, best practices, and recommendations into a checklist that cities and towns can use to score themselves, find cybersecurity gaps, and create an action plan.

Rank each item below on a scale of 1-5, with 1 being "worst" and 5 being "best". If you aren't sure how your organization ranks for a particular item, just identify it as a "zero." Then, use the list to identify and begin working on the lowest-rated and "zero" scoring items for your organization. 

Protect

This section is designed to allow you to evaluate how well you proactively identify weaknesses in your IT infrastructure and alert your organization to security-related issues. 

1. Employee policies and training: Periodic training helps teach employees how to detect and avoid common cyber threats. 

2. Multi-Factor Authentication (MFA): MFA is the process of verifying your identity more than once to access to a system. It helps combat weak passwords, data breaches, social engineering, and phishing attacks because it requires that extra identity confirmation before letting someone. 

3. Antispam/ email filtering: Basic antispam and email filtering tools prevent many potential phishing email messages from reaching your employee's inboxes. 
4. Data loss prevention: Are you monitoring for unauthorized or suspicious access to your data?

5. Software patching: Do you regularly apply patches to your software?

6. Intrusion prevention: These tools work with your firewall to detect and automatically prevent attacks related to specific vulnerabilities. 

7. Change control policies and procedures: These procedures include logging and understanding the repercussions of all changes made to your security equipment and applications.

8. Mobile strategy: A well defined mobile strategy may involve issuing work-only devices to employees, or providing secure access to sensitive and confidential data if they are using a personal device.

9. Web content filtering: Do you have special tools in place that proactively block employees from accessing malicious or risky websites?

Detect

1. Security scanning: Are you conducting regular security scans of your systems to help identify vulnerabilities and hold that you can then fix?

2. Dark web monitoring: These tools provide real-time alerts when information from your organization (such as administrative passwords) is found on the dark web so you can take proactive action against identity theft, blackmail, and more.

3. Intrusion detection services: do you have a tool in place to watch for suspicious network traffic? 

4. Managed Detection and Response (MDR): what tools do you have in place that are looking for security threats across your entire IT environment? 

5. Endpoint Detection and Response (EDR): what tools do you have in place to detect suspicious behavior and potential cyberattacks on endpoint devices like servers, desktops, and laptops, before cyber attackers can strike. 

6. Security Information and Event Management (SIEM): SIEM software and tools detect and block threats and provide real-time analytics, providing you the data you need to identify the most important and critical security alerts 

Respond and Recover

1. Data backup and disaster recovery: do you backup your data both onsite and offsite? Do you test your data backup routinely? 

2. Offsite log retention: where are you storing your incident logs? And, for how long? audit and firewall logs should be kept for two months, but your most critical logs may need to be kept for 6 months - up to 7 years. The NIST recommended log period is 3 years

3. Incident response planning: have you developed a plan detailing how you respond to a cyberattack? This plan will help you to react to an incident quickly, effectively, and with "muscle memory" 

4. Cyber liability insurance: cyber liability insurance is a policy that mitigates the fallout of a cyber attack or incident. While it can't prevent an attack, it is there to help you recover financially from the costs of an attack and the liability aftermath. Improving your security foundation will help you lower cyber liability insurance premiums. 

VC3 partners with over 1,100 municipalities across the United States and Canada to improve their IT and reduce their cybersecurity risks. If you have questions or concerns about your self assessment score, it is the perfect time to talk with a strategic technology partner about your cybersecurity plan. A strategic technology partner can work with you to ensure that you have the right tools in place to protect your organization from severe consequences of a cyberattack.

At VC3, our security experts are trained to work with you to assess your cybersecurity risks, outline what you need to secure your IT assets, and help you build a budget and roadmap to get where you there.

Contact us today to schedule a free cybersecurity consultation.