Resources Help Prevent and Minimize Breaches
Local governments are not immune from data and cybersecurity breaches. Employers and employees have a legal obligation to protect certain data and the operations of the entity. It is incumbent on local governments and their employees to take steps to secure the entity’s equipment, systems and networks.
2 Factors Are Key to Data- and Cybersecurity
Two factors are key to a local government’s data and cybersecurity:
- Technical tools, such as passwords, email security filters and multifactor authentication
- Employee behavior, including keeping passwords secret and recognizing phishing scams
These two factors work in tandem to help maintain the security of an organization’s information and operations. For example, multifactor authentication (a technical tool) only functions as it should if all employees keep their passwords unique, complex and secret while also securing their secondary authentication method (e.g., maintaining control of their fob, phone or passkey).
Read “Simple Strategies Shore Up Cybersecurity”
Resources Abound to Support Members’ Risk Management Efforts
MCIT and other organizations offer no- or low-cost data- and resources to assist members in preventing and minimizing data breaches and cybersecurity incidents.
MCIT Resources
The Resource Library includes a number of items that help members learn about and manage their data and cyber risk exposures. Below are a few featured items.
Essentials of Data Security for Public Entities
This guide should be used to stimulate conversations among an organization’s leadership and provide them with strategies to help the entity secure private data, no matter the format, and systems.
Email Security Awareness: Digital Images
Most MCIT member cyber-related claims have two factors in common: email and employee behavior. These email security digital images help employers remind staff to Click Wisely.
10 Cybersecurity Considerations When Contracting for IT Services
To help ensure that the public entity’s data remains secure, it should establish written contracts with all individuals or companies that access, collect, maintain, manipulate or store member data in any format. It is critical that the contractual agreement is well-crafted from the start to manage risks and eliminate ambiguity in the event of a data compromise or cyber event.
Developing a Data and Cyber-security Incident Response Plan
A cyber-incident response plan customized for your organization’s operations and systems is critical to managing response efforts and to mitigate damage from a data or cyber-security incident.
Cybersecurity Self-Assessment
The Cybersecurity Self-assessment is a broad checklist that an organization uses internally to assist in identifying data security areas it needs to strengthen.
Quick Takes on Data Security
Quick Takes on Data Security are scripts that serve as short reminders for staff regarding data security best practices. Quick Takes on Data Security focus on a variety of security concerns, including email best practices, phishing and social engineering, and passwords.
Other Organizations Offer Resources and Services
eRiskHub®
eRiskHub is a third-party website that provides a wealth of tools and resources to help organization’s understand their exposure, establish a response plan and minimize the effects of a breach on the organization. MCIT offers its members access to this restricted site as part of MCIT membership.
Cyber Resilience Special Section
This sections walks through three steps to protect organizations:
STEP 1: Protect Your Network
STEP 2: Prevent Cyber Fraud
STEP 3: Prepare for an Incident
Each area includes links to resources within eRiskHub to help members complete the step.
More at eRiskHub
- Guides for developing incident response plans
- Sample policies around cyber and data security
- Tabletop exercises to practice incident response plans
- Cyber-security training tools to support employee awareness efforts
- Phishing- and ransomware-specific information and tools
- More!
Register to Access Site
Individuals must first set up a site log in using the MCIT access code to complete this form. The access code has been shared with members’ primary contacts. If needed, members may contact MCIT to request the code again.
eRiskHub is operated and maintained by NetDiligence,® a company of Network Standard Corporation. MCIT is not responsible for the site’s content nor does it endorse any specific product on the site.
Cybersecurity and Infrastructure Security Agency
As the nation’s cyber defense agency, CISA stands ready to help organizations prepare for, respond to and mitigate the impact of cyberattacks. This federal agency is part of the Department of Homeland Security.
FTC: Cybersecurity for Small Businesses
The Federal Trade Commission provides cybersecurity resources for small businesses, much of which apply to small local governments. The resources were developed in partnership with the National Institute of Standards and Technology, the U.S. Small Business Administration and the Department of Homeland Security.
National Cybersecurity Alliance: StaySafeOnline.org
The National Cybersecurity Alliance is a nonprofit organization with the goal to make cybersecurity easier and more accessible, so that individuals and organizations can experience the benefits technology brings to our lives without worry. Alliance initiatives include National Cybersecurity Awareness Month (October), Data Privacy Week (late January), AI Fools (awareness campaign on AI-enabled scams & responsible AI use), Cybersecure My Business (equips small organization leaders with the core understanding of how entities are vulnerable to cyber attacks), among others.