11 Affordable Steps You Can Take to Protect your Municipal Utility's Network and Critical Systems
When surveyed, 58% of business leaders rated their cyber readiness as low, and 54% expect an attack on critical infrastructure in the next 12 months. With these numbers, more than likely, you're one of the ones that are worried that cybercriminals are targeting you. Chances are good you are a target because cybercriminals think of municipalities and utilities, no matter the size, as soft targets. And they believe that because many of you are under-protected, under-funded, and under-prepared for a breach.
Now, you've heard people talk about different kinds of security solutions, but you don't know where to start, you know it's going to be complicated, and you're pretty sure it's going to be expensive. But, you can put the items in the list below into place fairly quickly, and your network will be safer without breaking the bank.
1. Create a strong password management policy. -- Having a strong password policy where no one shares credentials, everyone changes passwords regularly, and your system locks users out after inactivity all help keep your employees from inadvertently letting someone into your system. And if you have a user hierarchy, then only authorized personnel can access critical files and systems. Because your internal IT staff can set up these steps, you'll be keeping your system safe at one of the most basic levels with just a few basic steps.
2. Enact multi-factor authentication. – two-factor and multi-factor authentication takes your password management protocols a step farther. This authentication requires a user to validate his/her identification so that someone outside your system can’t steal a username and password and use it to get in. This kind of validation is essential with employees who work remotely because it adds another layer of protection to unfamiliar networks. Most of the time, a few hours of IT work can have this procedure up and running to protect your network.
3. Encrypt your data. – when encryption is in place, endpoints in your network receive and house scrambled code that only they can decrypt. Because any data at rest (stored on laptops, servers, the cloud, etc.) are vulnerable and need protection, encryption keeps it safe. Many operating systems have encryption enabled by default. Still, if it doesn’t, your IT staff can encrypt your data either with third-party software or hardware.
4. Update all software and hardware regularly. – We’ve all seen our notifications telling us it’s time to update our drivers or software, and we often ignore it. However, cybercriminals know that if you don’t keep up with your updates, they have a way to get into your system. Updating your hardware and software regularly patches holes in security and keeps cybercriminals from getting in through these vulnerable areas.
5. Back up your data. – having an automated, regular backup enabled is essential to getting back up and running again after a breach. If the unfortunate happens and someone holds your data ransom, you may not get all your data back if you pay or don’t. That’s how insidious these attackers can be. But having a backup will ensure that you’ll have the information you stored, at least from the last data backup point.
6. Have a recovery plan in place. – If a cybercriminal breaches your network, it’s essential to know what to do to recover your data and get your critical systems up and running again. Just like Baltimore 911 did, having and plan and practicing, much like a disaster drill, will keep your employees ready if your utility or municipality is a victim of a cyber attack.
7. Educate and train your staff. – according to some sources, 90% of all cyberattacks start with human error. An employee clicks a phishing link; a person opens a suspicious email; an employee leaves his/her computer unattended — all of these incidents can result in a breach. But if your employees know what to do to prevent cyberattacks, it will considerably reduce your risk.
8. Make sure your vendors have updated security protocols. – Vendors having access to your system can open up your network to cyberattacks, especially if they do not have the same security protocols as you do. If you require your vendors to perform regular security audits, you ensure that everyone complies with the latest security protocols.
9. Have a cybersecurity incident response plan. – In addition to a recovery plan, you'll need a cybersecurity incident response plan, as well. If you have a plan, you'll save valuable time getting your system back up and running again because you'll have a staff that knows what to do. And you'll have a blueprint laid out on how to respond to your community, your superiors, and the media. Having a staff ready to jump into action and keeping communication lines open are vital to reducing downtime and the fallout that comes after a cyber breach occurs.
10. Invest in a firewall and anti-virus software. – For just a fraction of the cost of a breach, you need to invest in firewall and anti-virus software. The firewall sits between your local network and the outside world, and it determines what good traffic gets in and what bad traffic stays out. Virus detection programs protect computers by regularly scanning for malicious software that makes you vulnerable to a cyberattack.
11. Have an MDR team on your side. – MDR or managed detection and response is the latest, most affordable option for managing your network architecture. With Covalence, you’ll have software, hardware, and human threat hunters working for you 24/7. Covalence identifies cyber threats and reduces vulnerabilities in a simple, easy-to-deploy, cost-effective platform. Covalence monitors and protects your network from one device to the next and analyzes traffic on your network to determine what threats are out there. With Covalence, you’ll have a transparent, holistic, managed detection and response system with no gaps in your security.
Benjamin Franklin said, “By failing to prepare, you are preparing to fail.” And the same can be said for network security. To keep cybercriminals out of your critical systems and keep your data safe, you must have a plan and take every step to keep your network secure. These 11 steps are a great place to start, but if you need more assistance, the team at NorthStar and our partners at Field Effect can help you protect your municipal utility. Click on the button below to contact us.