Smaller government agencies often do not prioritize cybersecurity and the pandemic has only exacerbated this. Their network, and as a result their security, is spread thin while agencies across the country are getting hit left and right with cyberattacks. Recent victims include the Washington D.C. police force, Baltimore County Public Schools, and the Hampton Roads Sanitation District to name a few. The fact is cybercriminals are going to hit us where it hurts so they can make a profit. Unfortunately, the organizations we depend on, education, law enforcement, healthcare, etc., are the most vulnerable and therefore the easiest targets.

What Makes These Organizations So Enticing?

Cybercriminals target governments, schools, healthcare centers, and others because they are a treasure trove of personal data. Names, addresses, phone numbers, financial information, and more are extremely valuable to hackers. Even if they don’t provide monetary value at that moment, the hacker can always use them later for phishing attacks.

Additionally, government entities often lack the funds necessary to defend against attacks. This is even worse when you consider that many of them are installing more and more Internet of Things (IoT) devices such as cameras, sensors, etc., widening their attack surface. Cybercriminals take the path of least resistance, so they will target an organization with less defensive measures before a larger company that may have more valuable data but stronger defense.

Challenges of Implementing Proper Security Measures

One of the biggest challenges that still haunts the entire industry to this day is the worker shortage. There are simply not enough people to fill all the jobs available. When there are people, these organizations often lack the budget to provide competitive wages, which leads to the next challenge, funding.

Public services often do not have the extra cash to spend on security, but perhaps that could change with increased awareness. Having a greater understanding of the risks they face and what it takes to mitigate those risks could pave the way for increased budgets in the future.

As a jumping-off point, organizations could invest in cyber insurance. That could at least get them an audit to see exactly where they are lacking and what needs improved upon. Another good starting point would be increased awareness among faculty and staff. Security Awareness Training doesn’t have to be a luxury, and a little bit of knowledge can go a long way in stopping cybercriminals. All it takes is one wrong click from an unknowing employee to put your network in the hands of a hacker.

What Are the Next Steps?

If budget and worker shortages are holding you back from better cybersecurity, there are still measures you can take to improve. These tips for security controls are the baseline for any healthy cybersecurity plan:

• Implement a password management policy and require strong passwords as well as updated passwords every 90 days
• Implement a software update/patching policy requiring automatic updates to be turned on
• Have an incident response plan in place in the event of an attack so that people aren’t scrambling to figure out what to do. Make sure everyone knows their role.
• Have a policy on external devices
• Also, create a policy around third-party vendors to ensure they are not putting you at risk.

If you have questions on any of these policies and how to implement them, contact the team at TechGuard Security. We offer a complimentary one-hour advisory session to help you get started.