By Derek Porter
With the rise of the Internet, a revolutionary opportunity was created to expand the way in which governments communicate, provide services and process information. Incredible efficiencies have been gained as governments can now share, receive and process information in real-time with its citizens.
That being said, the meteoric rise of the Internet has also increased the potential threat of data theft and data breaches within our governments. As these threats have become more apparent, security has become a top priority for governments of all shapes and sizes.
Considering that the average cost of cyber-crime to US companies in 2015 was $15.42 million in losses, you can understand why cyber-crime is a major concern for private and public sector organizations.
One can see that no one is immune to cyber-crime when reviewing some of the high profile organizations that have had data breaches in the last 10 years.
It is likely that your local government will not have the high profile of a large private sector organization; however, in 2015 $9.37 Million in losses were recorded in public sector agencies across the United States due to cyber-crime.
Without a doubt cyber-crime is a significant threat in today’s digital word and local governments would have a difficult time rebounding from the negative financial impact a security breach could cause to their fiscal budgets. Perhaps more alarming is the loss in confidence your government will experience from constituents should an attack occur.
Keep in mind though, there are no quick fixes when it comes to cyber security. The most fundamental item necessary in protecting your systems from threats is a security policy. The fact is that few local governments actually take the time and trouble to create a comprehensive security policy. Proper security measures do not simply come from the applications purchased or developed to protect government systems, sufficient protection starts with the people in charge of implementing carefully laid out processes in conjunction with said applications.
A policy should lay out what your government’s goal is for security. A proper security policy will establish standards for what is permitted or denied within the structure of your government. A common fallacy is that security policies are driven by security systems. In fact, it is the processes outlined within the security policy, and the people who carry out the required policies that create a secure environment. In short, a security policy will help your government with determining where or what to purchase or what processes to follow in order to secure your environment.
The first step to cyber-crime prevention is coming to terms with the fact that your local government needs a security policy. The following steps which are to develop and implement security policies can appear quite daunting, that is why it is highly recommended that you reach out to experts for assistance. For example, security assessments of your government’s environment are legitimized when conducted by an external party as opposed to having your own internal staff complete said assessment.
A well laid-out security policy cannot simply be developed by taking recommendations from a top 10 list found on the Internet. If you need assistance in developing a security policy than utilize external security consultants to help your government put comprehensive procedures and policies in place. Remember that financial losses are not the only potential consequences of a cyber-attack, by keeping your government systems safe and protected you will in turn maintain trust and support from your constituents.
Derek is a Public Sector Account Manager working for zedIT Solutions Inc., an IT professional services firm with offices and customers across the Globe. Derek’s primary objective is to help government agencies realize the promise of technology by taking the time to understand his client’ needs and collaborate with zedIT consultants to deliver meaningful solutions that align with each customers’ definition of value.