For Local Government, Cybersecurity is a Glaring Weakness - How to Protect your Municipality

There are over 90,000 small government entities in the U.S., and most of them have few cybersecurity measures in place. Thankfully Town Web has the tools to help your government safety online.


There are over 90,000 small government entities in the U.S., and most of them have few cybersecurity measures in place. Current research suggests that up to 1/3 of these entities cannot tell whether they are under attack at any given time. Of the small governments in a position to make that determination, 1/2 report daily attacks.


The frequency of attacks against municipal governments has been increasing in recent years. Unfortunately, the current geopolitical climate seems likely to encourage foreign actors to continue their hacking attempts. This article will examine what obstacles cyber-safety municipalities face, what strategies they can use to protect themselves, and how Town Web sets the standard in cybersecurity for local government.


Cybersecurity for Local Government is about More than Money


Local governments stand to lose a lot of money in a cyberattack, even if the purpose of the attack is not ransom. Data recovery costs can be crippling, as we saw in Baltimore in 2018-2019. Yet, despite the high price of upgrading cybersecurity, local government institutions will save more in the long run by being prepared.


On top of financial expenditures, city governments stand to lose their data permanently. These losses include financial records, billing information, and municipal contract data. Moreover, small governments hold a tremendous amount of their citizens' personally identifiable information (PII), including names, addresses, Social Security numbers, credit card information, medical info, etc.


Any data breach can compromise the privacy and security of everyone in your jurisdiction. The financial impact of recovery can be astronomical, but a secure website is an integral part of any cybersecurity plan. Town Web understands that most municipalities operate within tight constraints; therefore, we offer free, no-obligation quotes to create a custom-designed, hack-free website for your small town. 

 Town Web's custom-designed websites offer SSL security to protect your data

Many Localities are Unaware and Underfunded


Unfortunately, many local and city administrators are unaware of their vulnerabilities. A disproportionately high percentage of lower-level workers report that executive-level administrators are not involved in establishing cybersecurity measures. In addition, most jurisdictions report few qualified staff employed to organize training and manage information security. 


In 2021, state and local governments spent almost $120 billion on cybersecurity. In local government, it is not enough. Most small institutions do not allocate the requisite funds to mount an effective defense; the big spending occurs at the state level. 


Consequently, a large proportion of the 90,000 small government entities in the U.S. have no plan, no web-based security, and no code of conduct for employees. Therefore, breaches, attacks, and losses persist. For things to improve, local governments need better awareness, funding, and dedicated cybersecurity staff.    


Cybersecurity in Local Government Suffers from Competing Interests


Normal government functions often vie with cybersecurity considerations for limited funding and staff attention. Sometimes, they even seem to conflict. For example, town websites need to provide quick, transparent access to information and comply with ADA regulations. Yet, they also need to protect the information from hostile actors and avoid hacking attempts. 


In addition to this difficult balancing act, private sector interests are often at stake. Indeed, many municipalities rely on private companies for water and electricity distribution. Unfortunately, each additional entity involved increases the possible points of failure in any security system. 


The complex task of coordinating cybersecurity concerns with a 3rd party is often beyond the capability of a local government with no dedicated staff or custom-designed website. Fortunately, Town Web specializes in offering secure, compliant, and easy-to-use web services to municipalities with limited resources.

Cybersecurity Requires Top-Down Leadership and Bottom-Up Planning


The statistics paint a bleak picture. However, there is plenty of low-hanging fruit. The difference between having no protection and having minimal protection is significant. If your municipality or local administration has no cybersecurity in place, there are many strategies you can employ to reduce the likelihood of a successful breach.


Elected Officials Must Buy-In and Lead


High-level executives need to be on board. As noted above, one of the most frequent complaints by low-level administrators is that the executives are unaware of any threat. If high-level officeholders were to take an active role, the rest of the administration would follow their lead.


Elected officials should adopt the following policies to improve local government cybersecurity:


Effective Cybersecurity is No Accident


Every local government needs a plan, no matter how basic. Indeed, they should actively seek to tailor a plan that meets the specific needs of their community. The National Institute of Standards and Technology (NIST) has released a framework that ought to be required reading for all local government employees from the top down. 


The framework allows organizations of any size and amount of resources to assess their current cybersecurity, define cybersecurity goals, and measure progress toward the goals.


The NIST framework will guide you through making many official policies, including but not limited to:


Individuals Must Act Responsibly and Learn the Lingo


In addition to general, administration-wide policies, all employees should have training in basic cyber-safety. If your district does not have the resources for training, there is plenty of free information on the internet to help build good cyber habits. Understanding what types of attacks you are most likely to encounter is particularly useful. 


Hackers prefer these methods to infiltrate municipal computer networks:


Hackers Will Lock Your Data and Hold it for Ransom


Once hackers gain control of your network, they could install a malicious program to take it over. These programs, usually called malware, allow hackers to encrypt data on your network and block access, sometimes permanently. Malware attacks crippled Atlanta and Baltimore in 2018 and 2019. 


Ransomware is a sophisticated form of malware that allows hackers to lock down your entire network and prevent the government from providing essential services unless it pays a ransom. Local government agencies are preferred targets for these attacks, representing 15.4% of all ransomware incidents in the U.S. in 2021. 


Historically, the ransom requests have been for lower amounts than data recovery costs. Nevertheless, a higher proportion of those who paid the ransom lost their data permanently, suggesting that acceding to ransom demands is rarely your best option.


Your Plan Should Cover Protection, Response, and Updating


When it comes to cybersecurity, there is no foolproof quick-fix. Technology evolves, and infrastructure becomes outdated. Therefore, local governments need to formulate all-encompassing plans that evolve with changing conditions. 


The NIST framework highlights 5 functions that an organization must address in its planning:


Employing the Framework Within Budgetary Constraints


Every local government will address the 5 functions to suit their needs. However, there are several ways you can bypass the limitations imposed on you by limited resources. First, and most importantly, hire a qualified Chief Information Security Officer (CISO). If there is no room in the budget, designate a current staff member.


Next, partner with as many local and regional entities as you can. For example, neighboring jurisdictions and school districts may offer joint ventures to help defray costs. Moreover, universities could offer volunteer tech support. In addition, the National Guard has more than 50 cyber units consisting of over 4,000 staff and may be able to assist in planning.


Finally, consider outside partnerships. Many town and city administrators feel uncomfortable handing over their data to a third party. However, outsourcing may be the most reliable way of ensuring your municipality enjoys the peace of mind that cybersecurity allows for local government. At Town Web, we are proactive in developing a cybersecurity plan that fits your municipality’s needs.

Lay a Solid Foundation with Town Web Design


It is no wonder that government agencies are the most frequent target of cybercriminals looking to hold personal and government information hostage. Municipalities lack executive buy-in, employee training, and comprehensive planning. Nevertheless, you have options to protect your organization and residents. 


Start with a hack-proof website from Town Web. Our collaborative approach will help you navigate the complex process of formulating a robust cybersecurity plan within tight financial constraints. Your staff will love our simple interface, your residents will think the website is sharp and convenient, and everyone will have peace of mind knowing their data is safe.  

Town Web services are approved for use with ARPA funds!