Securing private data is a significant responsibility for local governments. Maintaining data security in the face of real threats, such as hackers, activists and employee errors, is a challenge that everyone in the organization must work to overcome.

Damages from data compromises and cyber-attacks to a public entity are often costly, both financially and nonmonetarily. Money is required to correct security issues, restore lost or damaged data, handle legal action and pay regulatory fines. The nonfinancial costs to a public entity can be damaging to an organization’s reputation, lowered morale and loss of the public’s trust.

It is best if your organization has a robust data security program and response plan established before an incident occurs. Now is the time to assess how strong your entity’s programs and plans are before an attack or data compromise happens. Using enterprise risk management methods, this guide is designed to assist in your efforts.

‘Essentials of Data Security for Public Entities’

This guide is not intended to be, nor is it, a technical resource. Rather this guide should be used to stimulate conversations among your organization’s leadership and provide them with strategies to help your organization secure private data, whether it is electronic or paper in format.

Maintaining vigilance and being aware of new threats as they emerge is necessary for everyone within your organization. To this end, the guide includes key terms and vetted resources for individuals to consult for continuous and updated best practices.
Checkups are included with each chapter that provide an opportunity to determine which data security areas need improvement.

This resource should be shared at multiple levels within your organization, including information technology (IT) managers, elected board members, executive directors and administrators, department heads, managers, and others as appropriate (e.g., safety committee).

Information about policies and best practices for a variety of topics are included in this resource. As the threats to data security rapidly evolve and systems used by member organizations are varied, this guide often leaves specifics up to the information technology professionals within your organization.

Access and download the entire book or select chapters from the links below.

The Guide’s Chapters

1. Data Compromise and  Cyber-Liability Coverage: Note that coverage discussed is for the current coverage year (January-December) and is subject to change with the new coverage year.
2. Data Privacy Laws
3. Incident Preparation and Response
4. Data Storage and the Cloud
5. Secure Physical Access and Data Storage Rooms
6. Vendor Contracts
7. Secure Destruction
8. Malware and Ransomware
9. Passwords
10. Social Engineering
11. Safe Browsing
12. Secure E-mail Practices
13. Mobile Devices
14. Security Patches and Updates
15. Training Employees and Officials

• Download File "Essentials of Data Security for Public Entities_08_2021"
• Download File "Introduction_Essentials of Data Security_03_2021"
• Download File "1_Cyber_Suite_Coverage_Essentials of Data Security_03_2021"
• Download File "2_Data Privacy Laws_Essentials of Data Security_03_2021"
• Download File "3_Incident Prep Response & Recovery_Essentials of Data Security_08_2021"
• Download File "4_Data Storage and the Cloud_Essentials of Data Security_08_2021"
• Download File "5_Secure Physical Access & Data Storage Rooms_Essentials of Data Security_08_2021"
• Download File "6_Vendor Contracts_Essentials of Data Security_08_2021"
• Download File "7_Secure Destruction_Essentials of Data Security_08_2021"
• Download File "8_Malware_Essentials of Data Security_08_2021"
• Download File "9_Passwords_Essentials of Data Security_08_2021"
• Download File "10_Social Engineering_Essentials of Data Security_08_2021"
• Download File "11_Safe Browsing_Essentials of Data Security_08_2021"
• Download File "12_Secure Email Practices_Essentials of Data Security_08_2021"
• Download File "13_Mobile Devices_Essentials of Data Security_08_2021"
• Download File "14_Security Patches_Essentials of Data Security_08_2021"
• Download File "15_Training Employees & Officials_Essentials of Data Security_08_2021"