Holistic Approach Required for Data Security
Data compromises and cyber-attacks are real threats for local government operations. As with all risks, MCIT looks for ways to partner with members to manage their risks and reduce losses. To that end, MCIT has developed resources that address data- and cyber-security concerns (see below).
Maintaining the security of private data is a significant responsibility for any public entity. Private data can be valuable to thieves and hackers who often sell the information on the black market worldwide. Despite the best measures that information technology professionals use to safeguard data and computer systems, thieves continually adapt to overcome these defenses.
‘Essentials of Data Security for Public Entities’
Securing private data is a significant responsibility for local governments. Maintaining data security in the face of real threats, such as hackers, activists and employee errors, is a challenge that everyone in the organization must work to overcome.
The purpose of “Essentials of Data Security for Public Entities” is to facilitate an organization’s entity-wide approach to creating a strong and resilient data- and cyber-security program. This guide should be shared at multiple levels within an organization, including IT professionals, elected board members, executive directors and administrators, department heads, managers and others as appropriate (e.g., safety committee).
The ideal use of the resource is before an incident occurs to assist in incident prevention strategies, incident response plans and employee education. Information about policies and best practices for a variety of topics are included. The book also provides check lists with each chapter to help determine which data security areas need improvement.
Chapters Included in ‘Essentials of Data Security’
- Data Compromise and Cyber-Liability Coverage: Note that coverage discussed is for the current coverage year (January-December) and is subject to change with the new coverage year.
- Data Privacy Laws
- Incident Preparation and Response
- Data Storage and the Cloud
- Secure Physical Access and Data Storage Rooms
- Vendor Contracts
- Secure Destruction
- Malware and Ransomware
- Social Engineering
- Safe Browsing
- Secure E-mail Practices
- Mobile Devices
- Security Patches and Updates
- Training Employees and Officials
Strengthen Employee Understanding with Quick Takes on Data Security
Often the weakest link in data security is the individual user; therefore, everyone has a responsibility in these efforts. Quick Takes on Data Security mini training scripts and handouts are used by supervisors to remind their team members about:
- data security threats
- methods to recognize them
- measures they can take to prevent or avoid data compromises, theft or other intrusions (e.g., ransomware attacks).
Quick Takes are not designed to serve as initial training. Rather they help keep data security on the mind of employees. Data security is everyone’s responsibility.
Minnesota Government Data Practices Act (MGDPA) attempts to strike a balance between the dual public policy goals of government transparency and data privacy. The Act regulates all government data collected, created, received, maintained, disseminated or stored by public government entities irrespective of the data’s physical form, storage, media or conditions of use. Failure to comply with the Act may result in civil damages, or civil or criminal penalties. Much of the Act dictates which data a public entity must keep secure. Details about the Act and tips for how to ensure compliance are offered in a number of articles in the Resource Library: