The Growing Threat of Cybersecurity
Cyberattacks are a growing threat in both the private and public sector, yet local governments possibly stand to lose more than their private sector counterparts: The trust of their constituents and voters. According to the 2017 Accenture report, The Cost of Cyber Crime, the number of cyberattacks against government agencies is increasing, with public sector organizations experiencing 53 such attacks on average per week during 2017. With local government IT teams lacking critical knowledge in the area of cybersecurity, they make their civic and citizen data further vulnerable to hackers and cyber extortionists with the skills needed to target the systems of the highest-risk communities.Addressing the Upskill of Cybersecurity in Civic IT
Do not wait for a cyberattack to test your systems and your team. What follows are the steps local government IT directors need to take to upskill their staff members in the area of cybersecurity.Act Now
Do not wait for another budget or strategic planning cycle to begin enabling staff to obtain the in-depth training they need to learn about such critical cybersecurity components as network infrastructure, SSL, cloud computing applications, security analysis and investigation, application security, attack vectors, and attack schemes such as distributed denial of service (DDoS) attacks.
Follow Federal Best Practices
Rely on guidance established under The Federal Cybersecurity Workforce Assessment Act to determine the vastness of your staff’s knowledge gap and prioritize instructional areas. When established, the goal of The Federal Cybersecurity Workforce Assessment Act was to align the strategic management of the Federal cybersecurity workforce with the national standard set in the National Initiative for Cybersecurity Education (NICE) Workforce Framework.While federal agencies must comply with The Federal Cybersecurity Workforce Assessment Act, it can serve as a planning tool for municipal entities as well. Upon its enactment, the Federal Cybersecurity Workforce Assessment Act advised federal agencies to conduct a baseline assessment of their existing workforce by completing the following steps:
- Identify the percentage of staff with Information technology, cybersecurity, or cyber-related functions who currently hold appropriate industry-recognized certifications
- Identify the level of preparedness of staff without credentials to take certification exams
- Identify a strategy for mitigating any gaps identified with appropriate training and certification for existing staff.
Put an Action Plan in Place
By following the Cybersecurity Workforce assessment procedures, at the conclusion of your analysis, you should have identified your IT department’s greatest skill shortages, have analyzed the cause of those shortages and provided measurable action plans to address them initially and on an ongoing basis.Encourage Key Staff to Obtain Security Certifications
When developing ongoing training plans, rather than simply offering employees access to training courses, enable key staff members to obtain security certifications to ensure they receive the most thorough, actionable knowledge.Build Repeatable Processes
As part of your training efforts, assess the risks your systems face from outdated infrastructure and manual processes. Use your training processes as an opportunity to document and formalize all cybersecurity protocol for your community.Include Non-IT Staff in Your Overarching Cybersecurity Training Plan
If you intend to invest in a quality local government website hosting solution partner and the training of your IT staff, why wouldn’t you ensure non-technical staff understand the role they play in keeping your systems secure? Every employee needs to understand the risks involved with opening suspicious attachments or clicking links from unknown senders, and who on your team to contact with any questions or concerns.Cultivate a Culture that Prioritizes Cybersecurity
From new hires to tenured staff, communicate clearly to every member of your team that cybersecurity is a critical priority of your IT department, and that it plays a vital role in your administrative public service efforts. Doing so will encourage staff to seek out additional knowledge sources and educational opportunities to supplement provided training.Rely on a Trusted Outsourced Partner
In tandem with internal training, local governments should consider outsourcing their hosting and security efforts to minimize the footprint of a potential cyber threat. Make sure you are selecting a solution partner that offers at least 99.9 percent up-time supported by a fully redundant, tier II data center, multiple network providers, burst band-width, and live 24/7/365 emergency support.Remember, a cybersecurity skill gap will put your citizen and civic data at risk. Ensure you are doing enough to enable quality skill advancement, and digital community security by formulating your community cybersecurity upskill plan today. For more best practices on civic website security, hosting, and digital system upgrades, click below to download our eBook.
