MHUG 2023 ConferenceA growing number of municipalities and local government bodies are taking advantage of online portals to connect with their citizens. Faster service delivery, cost savings, and 24/7/365 availability all speak in favor of e-government platforms. Read more. However, making services available online also carries risks. That is why cybersecurity needs to be a priority for any administration using online citizen services.
Recognizing potential threats and safeguarding sensitive information needs to become second nature for municipalities across the United States. One of the best options to increase safety is to choose an e-government platform that offers safety by design.
Cybersecurity Threats to Local Governments
A few years ago, cyberattacks mainly used to be the subject of movies. They used to feature a smart hacker in front of a computer plotting to attack corporations or threaten leading governments of the world.
Today, the movie scenario has become a reality that Chief Security Officers and IT departments are dealing with regularly. In the public sector, federal governments are no longer the only targets of cyberattacks. Local governments and municipalities are facing the same dangers.
According to the International City/County Management Association (ICMA), some of the most common threats include:
- Phishing: Phishing attacks are a form of social engineering, in which attackers contact their victims by posing as a trusted party. The goal is to extract information the attacked person or entity would not normally share.
- Malware: Malware is short for malicious software. This type of software is installed on the target organization’s network to extract information or block user access, for example.
- Ransomware: Ransomware is a form of malware used to demand a ransom from the target. During the process, the attacker encrypts critical files or sensitive data, forcing the victim to pay out to regain access.
- Zero-day: Zero-day attacks refer to using a weakness in the target’s IT system or network to conduct an attack. Outdated software versions are one option used by cybercriminals
Any of these attacks have the potential to disrupt local government services. In some cases, that means citizens lose access to online services, causing inconvenience. Processes like license renewal and building permit applications may be delayed.
However, if the attackers’ motives are more sinister, they may target vital services like wastewater treatment plants. In those cases, the pressure on local governments to pay a ransom, for example, increases dramatically. After all, untreated wastewater can quickly cause a health threat. Cybersecurity measures are designed to prevent or counteract these attacks.
Why Municipalities Are a Target of Cyberattacks
At first sight, it may seem unlikely for cybercriminals to attack local governments and municipalities when they could aim for bigger targets. But several reasons put municipalities in the crosshairs of attackers.
Many Small Targets Make a Large Target
While individual municipalities may seem like small targets, there are tens of thousands of local government entities across the country. Just before the pandemic, the U.S. Census Bureau counted over 90,000 in total. Most of these administrations use networked technology to manage processes, deliver services to citizens, and store critical information.
Experts estimate that, between them, these local governments spent more than $100 billion on IT services and systems before the coronavirus pandemic. As lockdowns and other restrictions forced more services online, this is likely to have increased and may continue to increase further.
Investment and Information
Local government organizations have invested significant amounts of their budgets into technology. The need to protect their investment may make them more likely to give in to demands for ransom money or similar threats.
It is hard to overestimate how much sensitive information is stored by local government bodies. Much of this information is detailed enough to identify individuals or their businesses. Municipalities and others also hold their own financial information. All of this can be valuable to a criminal attempting to extract money.
Lack of Protection
The biggest reason for local governments falling victim to cyberattacks is the fact that they can make easy targets, even for inexperienced cyber criminals. Research into the cybersecurity preparedness of local governments conducted by the University of Maryland revealed some alarming results.
The scientists found that effective cybersecurity measures were rarely in place. Instead, many of the survey’s respondents admitted to following IT procedures and policies that were no longer considered to be best practice.
One in three respondents felt they would be unable to tell whether they were under attack by cybercriminals until the damage became obvious. Those who knew they were being targeted regularly, were subject to frequent attacks.
America’s local governments truly are under attack by cybercriminals. With attacks this frequent, both in terms of time and location, it is time to step up efforts to protect and defend themselves.
What is Cybersecurity and How Can Municipalities Take Advantage
Putting in place effective protection against cyberattacks starts with fully understanding the threat and how to counter it.
Compared to private sector entities, government bodies face similar cybersecurity threats. However, most local governments have fewer resources to help protect themselves against these threats. They rarely offer the same remuneration packages that private sector companies can. In addition, local government bodies need to operate within a framework of public sector regulations. This combination makes the improvement of cybersecurity challenging.
What is Cybersecurity?
At this point, it is worth taking a closer look at the term cybersecurity. Cybersecurity has become a bit of a buzzword over the past decade.
At its base, the term refers to the use of technology and processes to protect computer systems, servers, mobile devices, and data from malicious attacks. For local governments, that means using the resources they can access to improve their overall protection.
Municipalities and other bodies may not have the same budget and personnel at their disposal that private sector bodies have, they still have plenty of options.
Improving Cybersecurity Locally
On a federal level, President Joe Biden recently signed an Executive Order calling on federal government agencies to improve their defenses against cyber threats. The plans and directives include strengthening software at the point of supply. The President also called on federal agencies to create a playbook for dealing with cyberattacks.
Local governments may not face the same threats as federal agencies, and they may not have the same resources at their disposal. But they can still implement some of the same recommendations.
Overhauling Procedures
Overhauling existing IT procedures and policies is an excellent starting point. This process allows municipalities and others to identify points where they are vulnerable and may face attacks in the future. Tightening up procedures relating to data processing and storage is a critical part of that. Limiting access is another key factor. Part of the overhaul process is to ensure compliance not only with existing regulations but also with industry best practices.
Choosing Secure Software Tools
When it comes to choosing a software platform to deliver e-government services, government bodies need to make security a priority during their procurement process. Offering online citizen services may be about streamlining processes like code enforcement and making it easier for people and businesses to connect with their government. But none of this needs to come at the expense of cybersecurity.
24/7/365 access should not put local governments at a level of risk they can no longer manage. Instead, it is important to have a conversation with the potential supplier about existing cybersecurity measures. How protected is your municipality when you implement a particular online platform? Leading software options have been designed with cybersecurity at the core.
Another question to ask vendors is what ongoing support measures local governments can count on and how regularly e-government software tools will be reviewed and updated. Keeping software programs and other components of your IT systems up to date is a large part of keeping a local government body protected from cyberattacks.
Final Thoughts
Our world is becoming ever more connected. More services, both in the public and private sectors, are moving online. This development makes government services more easily accessible and has advantages for both municipalities and citizens.
However, to truly benefit communities and build trust between users and administrations, cybersecurity needs to be a priority for all e-government platforms. Cyberattacks are no longer a movie scenario. For that reason, protection from these attacks is far more than an afterthought for suppliers and their customers. It is one of the core design features of leading online citizen service platforms.
To learn more about how software with integrated cybersecurity measures can protect you and your community, contact our team and schedule a demo today.