Over time, information security laws only
grow stronger. As information technology continues to mature, expectations grow
higher that cities will protect their data. When data loss occurs or sensitive
information is stolen, the financial and legal repercussions (along with the
public outrage) may increase.
Most laws center around protecting
sensitive information and ensuring that operational continuity occurs even if a
disaster hits. After all, cities are stewards of public information and use
that information to serve citizens. If a city neglects information security,
they’re not just passing over nice-to-have technology perks. They are
neglecting and compromising their very core mission.
In this two-part article, we’ll discuss
best practices in part one and then address policies in part two. Use this
checklist of best practices to begin assessing your information security.
Weak or no passwords remain one of the
biggest information security holes at most cities. Are you using some of these worst passwords like 123456, Password,
or qwerty? Do your employees write passwords down on sticky notes and attach
them in public view on their computers? Remember, hackers use automated
software to crack passwords. The easiest passwords will get cracked, even if
you consider yourself an unimportant target.
While antivirus software helps protect
your city against viruses, don’t forget that human error often leads to viruses
even if you install antivirus software. Hackers usually fool employees by
getting them to click on funny images, social media quizzes, and online games
on websites and social media. Email attachments with viruses also still work
when employees think they come from a legitimate sender (which is easy for
hackers to spoof).
A virus can really wreck your city by
corrupting, deleting, or stealing your data. Protect yourself with:
Cities with any uncertainty related to data backup need to immediately address
this problem. A data breach or information theft is really bad, but don’t
forget about the risk of permanent data loss. To run a city and serve citizens,
electronic information is essential. Losing data lessens trust between you and
Make sure you can perform onsite data
backups for quick recovery and offsite data backups to recover from theft or
Many cities neglect operating system and
software updates. These updates and patches are delivered by software vendors
to fix bugs and patch up security holes. Studies show that most cyber-outbreaks
can be prevented by keeping computers up to date—and yet most people ignore
messages on their computers about installing updates. Apply patches, ideally
with an IT resource overseeing the process. And because vendors eventually stop
supporting and patching applications, operating systems, and hardware when this technology
gets too old, you need to upgrade these items when they have reached that point.
Physical security remains one of the most
overlooked aspects of information security. It’s easy for a disgruntled
employee to steal or take data from a server or computer. And when you
decommission servers and workstations, be careful—those machines may still have
sensitive information on them if you don’t dispose of them correctly.
Make sure you:
People tend to check out your website
first when they want to learn more about your city—whether it’s exploring
tourist attractions, relocating their business, moving, or inquiring about city
services. Not only do people expect a modern website with fresh content but
they also expect it to be secure and safe. They trust you when they exchange
billing information or click on links. It doesn’t take much for a hacker to
defame a weakly secured website, steal people’s information, or shut that
To make sure your website is safe and
In part two, we’ll talk about some sample
policies that will help enforce and reinforce these best practices across your
Questions about the strength of your information security? Reach out to us today.
Our Focus | Products | Resources | Company | Contact | Sitemap | Login
© 2009-2017 Mimsware Corporation, all rights reserved. Sophicity®, "We put the IT in City”, and the Sophicity logo are registered trademarks of Mimsware Corporation d/b/a Sophicity.