6 Cybersecurity Tips for Municipalities

Municipalities are a cybercriminal’s dream. They’re packed full of confidential information on residents and employees, offering a digital buffet of social security numbers, banking information, addresses, and more. Plus, a well-placed piece of malware in a municipal system can cause ultimate chaos – think failing traffic lights, downed payment systems, and a total disruption of city services.

Because of this, cyberattacks on municipalities are on the rise. Since 2018, major cities like Atlanta, New Orleans, Baltimore, and more have fallen prey to cyberattacks that caused city-wide disruptions and cost millions of dollars in damages and lost hours.

Municipalities are a prime target for attack because they often lack the resources to train staff, update crucial equipment, and manage cybersecurity plans. But because of their access to confidential information and integration with city infrastructure, municipalities must implement strong security measures that prevent cyberattacks and protect their city and residents.

Luckily, there are some great resources for municipalities when it comes to cybersecurity. The National Institute of Standards and Technology (NIST) has an entire center dedicated to cybersecurity best practices and guidelines. The Multi-State Information Sharing & Analysis Center (MS-ISAC) was created by the U.S. Department of Homeland Security to act as the central resource for state and local governments in regards to cybersecurity.

And of course, you have this trusty guide! We’re giving you 6 actionable tips to help you develop and maintain a strong cybersecurity plan for your municipality. Read on to learn more!

Start with a risk assessment. The first step in protecting against cyberattacks is knowing where your vulnerabilities lie. All municipalities should conduct a thorough cybersecurity risk assessment to find any gaps or weaknesses hackers could exploit. You should look at what data each department collects, how its stored and transmitted, and any potential threats it may encounter.

For more help, NIST provides a comprehensive step-by-step guide on conducting a risk assessment for municipalities.

Back up your data. Regular backups are one of the easiest and least expensive cybersecurity practices you can implement to lessen the impact of a cyberattack. You never want to be in a position where you have to negotiate with cybercriminals to retrieve lost data!

By backing up your data and systems, you’ll be able to retrieve it in the event of a ransomware attack, natural disaster, server crash, or other disruption. Backups should be done regularly on all important data and systems in your network. Your backup data should be stored securely off-site as well as on the cloud, and you should regularly test your backup system to be sure it’s working and easily accessible.

A solution like our Bis Backup & Disaster Recovery is an easy and effective way to backup your data. Be sure your employees are also regularly backing up their local drives and mobile devices (if used for work).

Use multi-factor authentication. Even the strongest passwords can be cracked by a dedicated hacker. Multi-factor authentication requires a correct password and an additional form of identification, such as a temporary SMS code sent to an approved device, to access your account. This is an easy but important way to minimize your risk if a password is stolen or accessed through a phishing scam, as the attacker will still need the second code to gain access.

Multi-factor authentication should be used as often as possible, especially on all of your critical business systems. You should also require multi-factor authentication for remote employees to access your network. Many programs have MFA built-in, and you can also install special apps like Google Authenticator or use a third-party vendor.

Encrypt your devices. In today’s digital world, confidential information is stored, shared, and transmitted across a variety of devices. Many employees use laptops, smartphones, and tablets to work on-the-go, and theft of these devices is a leading cause of data loss.

All municipal computer systems, laptops, mobile devices, cloud files, and USB drives should use full-disk encryption. This will help prevent unauthorized users from accessing confidential government and personal information when devices are lost or stolen.

Stay current on updates. Get out of the habit of clicking that “remind me later” button when a system update pops up. Updates include important patches and upgrades that protect your system and should always be installed as soon as they become available. Systems that are not updated are vulnerable to attack and are regularly targeted by cybercriminals; Atlanta learned this the hard way in 2018 when a failure to update their system led to the biggest cyberattack on a municipality in the U.S. history.

Train and educate all staff on proper security practices. The majority of attacks on municipalities are done by targeting employees. Phishing scams, virus-laden links, and other forms of social engineering are easy to fall for, and you’re only as strong as your weakest link. All employees should undergo training to learn how to recognize potential risks and implement best practices in cybersecurity.

You can create training manuals and materials to be used during onboarding and yearly reviews. You can also outsource your training to an IT professional like BIS; our security and compliance training program uses slides, videos, and quizzes to take students through a variety of security topics.

We offer a wide range of managed services and solutions to smooth the way to stronger cybersecurity. If you need help implementing these tips or in any other area of your IT or network security, contact us today!



6 Things You Should Have Done To Stop Ransomware

Phillip Long – CISSP, CEO of , along with his team of marketing and information technology experts, will walk you through an overview of what your business should be doing to protect your data and plan your digital marketing strategies.


is the technology leader on the Gulf Coast and is comprised of four divisions: Information Technology, Web Design & Digital Marketing, Office Equipment and Business Consulting. Together these divisions help local businesses exceed expectations and allow them to group to their full potential while minimizing risks. To learn more about , visit

You may reach out to us at:
Phone: 251-405-2527