Thursday, May 15, 2014

Research Q of the Week: Cyber-Attack Prevention in Small Cities (5/15)

Question: We are a small city with limited staff and financial resources. Why should we be concerned about a cyber-attack on our computer system? 

Answer: Multi-billion dollar corporations are not the only entities that should be worried about cyber-security. Computer hackers, viruses, malware, or a stolen laptop can compromise a city’s record security and result in the release of sensitive data the city maintains. Got your attention? Thought so. Luckily many measures cities should take to maintain the security of their computer systems and electronically stored records are relatively inexpensive and embody good, common sense.

Here's a list of steps cities should take to protect computer systems and digitally-stored data:

•    Keep an accurate inventory of all computers, servers, and other networked devices.
•    Install a network firewall.
•    Install anti-virus software on every computer.
•    Require complex passwords— passwords that are at least 8 characters long and include both lower and upper case characters and at least one non-alpha numeric character (e.g. #, *, % etc.). For example: M!nn&s0ta.
•    Set up laptops to encrypt data on the hard drive to prevent thieves from viewing the data contained on it.
•    Design the city’s network with file location and security for specific types of documents.
•    Implement a computer use policy with provisions for network security.
•    Train employees so that they understand the city’s computer use policy, password setup, and where to store data.
•    Scrub old computer, laptop, tablet, smartphone, and copier hard drives to Department of Defense standards before disposal.

  Everyone who uses a computer is vulnerable to cyber-attack. But by taking these relatively inexpensive measures will make it more difficult for the hackers to succeed. For more information on record security, see the Handbook for Minnesota Cities, Chapter 27-Records Management.

This blog post conveys general information. It’s not legal advice. Please check with your city attorney before acting on this information. 

2 comments:

  1. Municipalities and other entities who invest to implement advanced precautionary measures to protect themselves still have significant exposure to cyber related attacks and other information breaches. Does the league have specific cyber liability insurance coverage available to protect against those types of claims that we are now seeing on a daily basis?

    ReplyDelete
  2. Hi Pat. I'm sorry for the delayed response. When your question came through LMCIT was in the process of launching these new e-risk resources for LMCIT members: http://www.lmc.org/page/1/eRisk.jsp

    You can read more about them here on The City Spot, too: http://minnesotacities.blogspot.com/2014/07/safeguarding-cyberspace-new-resource-to.html

    If you have specific questions about your city’s coverage, be sure to contact your agent.

    Thanks for the question!

    —Danielle

    ReplyDelete

Thanks for commenting on the League of Minnesota Cities blog!

If you leave a comment using the Anonymous category, please feel free to sign your first name and city.

View our social media comments policy here: http://bit.ly/Wj9n8G