Editor's note: This article was originally published in American City & County, which has merged with Smart Cities Dive to bring you expanded coverage of city innovation and local government.
No question, an online presence is vital for cities and counties. They rely heavily on email communication and digital infrastructure to conduct essential operations and provide critical services to the public. “But these systems are also vulnerable to various cybersecurity threats, including phishing, malware and insider attacks, which can compromise sensitive information and disrupt normal operations,” says Augustine Boateng, deputy chief information officer (CIO) in Memphis, Tenn.
The Memphis official says it is crucial, when cities purchase email security and cybersecurity solutions, that they prioritize providers that offer comprehensive protection against these evolving threats. “The selected systems must seamlessly integrate with existing infrastructure and align with industry best practices to ensure optimal performance and security.”
Beyond implementing robust security solutions, Boateng urges city IT leaders to take other steps. “They should prioritize user training programs, including phishing awareness and phishing simulation testing, to educate employees and stakeholders on how to identify and respond to potential threats.”
And he explains that cities need to stay vigilant: “To ensure long-term effectiveness, organizations should regularly update and patch these systems and collaborate with cybersecurity experts to identify and address any potential vulnerabilities or emerging threats. By taking these proactive steps, municipalities can enhance their cybersecurity posture and protect critical assets and information from malicious actors.”
When they plan to acquire an email security solution, Boateng urges local government administrators to exercise caution and undertake thorough vendor research to ensure that they are making an informed decision. He spotlights some recommended best practices to use in the acquisition process:
Clearly define and outline security requirements based on the identified risks. Specify features such as encryption, multi-factor authentication and advanced threat detection that align with the government's security policies.
Vet potential vendors rigorously and completely. Assess their security practices, compliance with industry standards and reputation. Administrators should request information on the prospective vendor’s experience with government clients and their ability to meet specific regulatory requirements and standards.
Ensure that the chosen systems comply with relevant laws and regulations governing data security and privacy. This is especially crucial for local governments handling sensitive citizen information.
Choose systems that seamlessly integrate with existing IT infrastructure. Interoperability is vital to ensure smooth operation and avoid disruptions in services.
Prioritize cybersecurity awareness training for employees. Educate them on the potential risks associated with email and IT systems, emphasizing the importance of following security protocols.
Opt for systems that have a track record of prompt and regular software updates. Regular updates help address vulnerabilities and keep the systems resilient against emerging threats.
Ensure transparency in the procurement process. Administrators need to clearly communicate security requirements in the request for proposals (RFPs) and evaluate vendors based on their ability to meet these requirements.
Adopt systems that are scalable and can accommodate future growth and technological advancements. This helps in avoiding frequent system upgrades and ensures long-term viability.
Inspire and develop collaboration with the broader cybersecurity community. Participate in information-sharing initiatives and stay informed about the latest threats and best practices.
Conduct regular security audits and assessments to identify and address potential weaknesses in the email and IT systems. This proactive approach helps in maintaining and preserving a robust security posture.
Municipalities need more troops on the ground to fight cybercrime, Boateng believes. “The shortage of skilled cybersecurity professionals has been a major challenge for local governments for some time now. Despite various initiatives and efforts, this problem continues to persist and has become a pressing concern. As cybersecurity threats become more sophisticated and frequent, the need for talented professionals to combat them has become more urgent.”
Boateng outlines some needed steps: “City leaders must prioritize this issue and take proactive steps to address the skills gap. It is important to develop programs that can attract skilled cybersecurity talent and retain them in the long run. Such programs could include job training and apprenticeship opportunities, internships and targeted recruitment efforts. It is also essential to provide competitive compensation packages, benefits and opportunities for career growth to motivate cybersecurity professionals to stay with the organization.”
And don’t forget these additional actions that can help secure IT infrastructure, Boateng concludes: “Local governments also need to create a culture of cybersecurity awareness and prioritize cybersecurity in their budget and planning processes. This will create a more supportive environment for cybersecurity professionals and help ensure that the organization remains secure against cyber-threats.”
OMNIA Partners, which sponsors this page, offers a robust portfolio of cooperative contracts in the public procurement space. The firm lists a number of cooperative contracts under the keyword “cybersecurity.”