Resource Library

Essentials of Data Security for Public Entities

Essentials of Data Security for Public Entities book cover image showing closed padlock surrounded by binary codeSecuring private data is a significant responsibility for local governments. Maintaining data security in the face of real threats, such as hackers, activists and employee errors, is a challenge that everyone in the organization must work to overcome.

Damages from data compromises and cyber-attacks to a public entity are often costly, both financially and nonmonetarily. Money is required to correct security issues, restore lost or damaged data, handle legal action and pay regulatory fines. The nonfinancial costs to a public entity can be damaging to an organization’s reputation, lowered morale and loss of the public’s trust.

It is best if your organization has a robust data security program and response plan established before an incident occurs. Now is the time to assess how strong your entity’s programs and plans are before an attack or data compromise happens. Using enterprise risk management methods, this guide is designed to assist in your efforts.

‘Essentials of Data Security for Public Entities’

This guide is not intended to be, nor is it, a technical resource. Rather this guide should be used to stimulate conversations among your organization’s leadership and provide them with strategies to help your organization secure private data, whether it is electronic or paper in format.

Maintaining vigilance and being aware of new threats as they emerge is necessary for everyone within your organization. To this end, the guide includes key terms and vetted resources for individuals to consult for continuous and updated best practices.
Checkups are included with each chapter that provide an opportunity to determine which data security areas need improvement.

This resource should be shared at multiple levels within your organization, including information technology (IT) managers, elected board members, executive directors and administrators, department heads, managers, and others as appropriate (e.g., safety committee).

Information about policies and best practices for a variety of topics are included in this resource. As the threats to data security rapidly evolve and systems used by member organizations are varied, this guide often leaves specifics up to the information technology professionals within your organization.

Access and download the entire book or select chapters from the links below.

The Guide’s Chapters

  1. Data Compromise and  Cyber-Liability Coverage: Note that coverage discussed is for the current coverage year (January-December) and is subject to change with the new coverage year.
  2. Data Privacy Laws
  3. Incident Preparation and Response
  4. Data Storage and the Cloud
  5. Secure Physical Access and Data Storage Rooms
  6. Vendor Contracts
  7. Secure Destruction
  8. Malware and Ransomware
  9. Passwords
  10. Social Engineering
  11. Safe Browsing
  12. Secure E-mail Practices
  13. Mobile Devices
  14. Security Patches and Updates
  15. Training Employees and Officials