Data Security

Holistic Approach Required for Data Security

Data compromises and cyber-attacks are real threats for local government operations. As with all risks, MCIT looks for ways to partner with members to manage their risks and reduce losses. To that end, MCIT has developed  resources that address data- and cyber-security concerns (see below).

Maintaining the security of private data is a significant responsibility for any public entity. Private data can be valuable to thieves and hackers who often sell the information on the black market worldwide. Despite the best measures that information technology professionals use to safeguard data and computer systems, thieves continually adapt to overcome these defenses.

Essentials of Data Security for Public Entities book cover image showing closed padlock surrounded by binary code
Damages from data compromises and cyber-attacks to a public entity are often costly, both financially and nonmonetarily. “Essentials of Data Security for Public Entities” provides strategies for members to help prevent and mitigate such incidents.

‘Essentials of Data Security for Public Entities’

Securing private data is a significant responsibility for local governments. Maintaining data security in the face of real threats, such as hackers, activists and employee errors, is a challenge that everyone in the organization must work to overcome.

The purpose of “Essentials of Data Security for Public Entities” is to facilitate an organization’s entity-wide approach to creating a strong and resilient data- and cyber-security program. This guide should be shared at multiple levels within an organization, including IT professionals, elected board members, executive directors and administrators, department heads, managers and others as appropriate (e.g., safety committee).

The ideal use of the resource is before an incident occurs to assist in incident prevention strategies, incident response plans and employee education. Information about policies and best practices for a variety of topics are included. The book also provides check lists with each chapter to help determine which data security areas need improvement.

Download “Essentials of Data Security for Public Entities”

Chapters Included in ‘Essentials of Data Security’

  1. Data Compromise and  Cyber-Liability Coverage: Note that coverage discussed is for the current coverage year (January-December) and is subject to change with the new coverage year.
  2. Data Privacy Laws
  3. Incident Preparation and Response
  4. Data Storage and the Cloud
  5. Secure Physical Access and Data Storage Rooms
  6. Vendor Contracts
  7. Secure Destruction
  8. Malware and Ransomware
  9. Passwords
  10. Social Engineering
  11. Safe Browsing
  12. Secure E-mail Practices
  13. Mobile Devices
  14. Security Patches and Updates
  15. Training Employees and Officials

Thumbnail of Quick Take on Data Security training scriptStrengthen Employee Understanding with Quick Takes on Data Security

Often the weakest link in data security is the individual user; therefore, everyone has a responsibility in these efforts. Quick Takes on Data Security mini training scripts and handouts are used by supervisors to remind their team members about:

  • data security threats
  • methods to recognize them
  • measures they can take to prevent or avoid data compromises, theft or other intrusions (e.g., ransomware attacks).

Quick Takes are not designed to serve as initial training. Rather they help keep data security on the mind of employees. Data security is everyone’s responsibility.

Related Resources

Minnesota Government Data Practices Act (MGDPA) attempts to strike a balance between the dual public policy goals of government transparency and data privacy. The Act regulates all government data collected, created, received, maintained, disseminated or stored by public government entities irrespective of the data’s physical form, storage, media or conditions of use. Failure to comply with the Act may result in civil damages, or civil or criminal penalties. Much of the Act dictates which data a public entity must keep secure.  Details about the Act and tips for how to ensure compliance are offered in a number of articles in the Resource Library: