Cyber Security Best Practices for Municipal Utilities and Governments

Cost-effective Advice for Maximizing Your Security Program

This guest post is brought to you by Field Effect.

As Benjamin Franklin once said, “An ounce of prevention is worth a pound of cure” — and that’s doubly true when it comes to cybersecurity for municipal utilities. The threats and risks facing municipal utilities continue to increase, largely due to the perception that they lack the resources and experience necessary to secure their systems.   

There’s no doubt that resources are tight at the municipal level; spending more in one column means there’s less for another, and with the intense scrutiny spending receives, it can be difficult to increase investment in security.  

Attracting and retaining experienced cybersecurity talent is also tough. On top of these challenges, there’s also the need to protect confidential information and keep systems and services operational.

The good news is that there are several easy, cost-effective cybersecurity best practices that will massively improve your security posture — and best of all, you can implement them right now.

Getting the Basics Right

Putting basic cybersecurity controls in place will have an immediate impact on your defenses. One of these measures is ensuring employees use strong passwords. Weak passwords used across multiple accounts give attackers an easy in. Investing in password management tools solves the problem of creating, storing, and recalling unique and complex passwords.

What’s more, Verizon’s 2020 Data Breach Investigations Report (DBIR) found that human error remains one of the leading causes behind data breaches. It’s imperative that your IT network and cloud services are properly configured. Hackers rely heavily on misconfigured systems and weak security measures to ensure their attacks are successful.

Having cyber situational awareness (CSA) is another control that can help you identify the threats that are most likely to impact your organization. CSA can be defined as knowing your network, knowing the threats to your network, and knowing how to respond to those threats. With this insight, you can identify and address “quick win” risks, like checking and correcting access permissions and privileges.  

It’ll also help you spot missed patches. A shocking number of attacks or breaches could easily have been prevented with an available software update. Routinely checking for and applying patches can help you resolve vulnerabilities quickly.  

Build a Cybersecurity Playbook

One of the most effective practices you can implement involves planning and preparedness.  Take a step back from operational challenges and consider all the risks facing your organization and how they could impact you.  

Unfortunately, there’s no one-size-fits-all approach to creating a cybersecurity playbook. That’s why it’s so vital to reach out to peers and share information. Members of the American Public Power Association (APPA) and American Water Works Association (AWWA), for example, are very active in sharing their experiences and how they’ve developed best practices with regard to technology and security. 

Designing a plan takes time and can be challenging but needs to be a priority. Your playbook should detail key action steps for: 

· Incident detection, notification, analysis, and forensics.
· Response actions, specifically containment, remediation, and restoration.
· Ongoing communication with stakeholders and customers.
· Post-incident analysis to determine what happened and how your organization handled it.

Start by focusing on the “mission-critical” aspects of your organization. What absolutely needs to be back up and fully operational first? What are your priorities, and what can wait? These questions can help identify key pieces of your cybersecurity plan, as can an understanding of your requirements from a regulatory perspective.   

Making a playbook can also help get boards and senior leadership invested in the issue. Highlighting the risks, their impact, and steps you can take to respond will make it easier to get buy-in on security initiatives. 

Training, Education, and Building a Culture of Security 

The weakest link in cybersecurity remains the human element.   

People make mistakes — and the only way to lower that risk is through education. Training users and raising risk awareness goes a long way towards a security-first culture.  

Security is everyone’s responsibility, despite what some may think, and ensuring every staff member at every level understands this can help reduce the risks associated with human error. Consider investing in ongoing cybersecurity training, developing informative resources or guides for employees to access, and encouraging communication about new and emerging risks.   

Disaster Recovery Planning and Testing  

When something goes wrong, your first step will be to work through your playbook and implement your plan. You want to make sure you’re collecting the right information and taking appropriate action to mitigate a cybersecurity incident.

But just because you’ve got a plan in place doesn’t guarantee it’ll work. That’s why it’s also vital to test the playbook you’ve created. For example, it’s one thing to back up your data, but another to make sure you can restore operations with it.  Several organizations, such as Ontario’s Utility Standards Forum (USF), have put together disaster recovery and incident response templates to give municipal organizations and utilities a starting point for their own plans.   

Get Visibility Across Your Network 

What visibility do you have of your network?  

Think of it this way: if you were in charge of protecting a bank from robbers, you’d obviously want security staff to keep an eye out for suspicious activities. But people have limitations, and can’t watch everything simultaneously, so you’d likely also set up cameras for better visibility. Maybe you’d add motion detectors that would alert you to activity in a locked vault.  Basically, you’d want to get consistent, reliable visibility and defenses in place and make sure you’ve always got eyes on the things you’re trying to protect.  

Your IT network needs similar visibility. Relying on what you can see during the day is great, but without accurate visibility into all the activity across your network and assets (including cloud services and endpoint devices), it will be difficult to defend them.

This visibility can give you insight into the steps you need to take to address and mitigate threats pre-emptively. In short: visibility tells you when you’re under attack, what is being attacked, and how to defend against the attack.

Easy-to-use cyber threat monitoring platforms, such as Field Effect’s Covalence, deliver the visibility you need via contextual alerts and recommendations, giving you actionable insight into the steps you need to take to secure your organization. 

Toby Nangle, Global Channel & Partnerships Lead, Field Effect

Toby Nangle excels at building sales channels and channel sales teams for technology companies. With a 23-year career in technology channel sales, he has worked extensively in the Education Technology, Cloud, IT Infrastructure and IT Security sectors. His expertise lies in developing cohesive channel strategies, identifying and developing the shortest path to revenue for new technologies and implementing the necessary internal and external structures to support channel partnerships. Immediately prior to joining Field Effect, Toby guided channel development and partner account management teams through two successful acquisitions.

 
