Our Russian Twitter bot report generated interest from a variety of industries. But what caught our eye was the unexpected level of interest from state and local governments.
This makes sense in light of these governments' efforts to increase security for the upcoming midterm elections. Grants have been approved for states, like Kansas, to upgrade their security and cybersecurity companies are offering their services to candidates and commissions. While election security has the spotlight for now, it's critical to keep the long view in mind: protecting the day-to-day administrative activities governments are responsible for, which include:
- Defending against criminal cyber attacks
- Archiving & retaining digital communications and records
- Monitoring for compliance exposure
Government agencies, just like enterprise business, gain workflow efficiency by adopting new technologies. But, this also opens up a higher degree of exposure and cyber attacks have broad consequences. The March ransomware attack on Atlanta resulted in a citywide system shutdown for five days. The attackers created panic and uncertainty in the short term and cost the city millions of dollars in the long term.
Bad actor threats range from spreading misinformation about public events or fabricated emergencies, launching account takeover attacks of government accounts, to attacking online payment portals to steal constituents’ PII.
Archival and Retention
Agencies are responsible for maintaining records of all their digital channels (don’t forget about public officials’ and institutions’ tweets). Full visibility into managing the authenticity of this information and guarding against leaks is crucial. In the event of legal action, they need to preserve and prove the digital “chain of evidence” for eDiscovery. The data sets are large and grow exponentially, making it unrealistic to audit and archive all of them manually.
Compliance Monitoring
Preventing deliberate or accidental disclosures of confidential information per relevant privacy regulations (PII, PHI, HIPAA) requires agencies to monitor social media postings and other digital communications. This includes content postings from official accounts, government employees, and citizens. If there is a concern, agencies must be able to identify violations in real-time and take action, while also maintaining a record of what happened and when to assist in future system-hardening and complying with breach notification requirements.
Next Steps
State and local governments need information governance and security. The amount of digital data generated and collected does not have to be a limiting factor. Scalable, automated solutions help agencies take proactive steps to defending and protecting their organizations.
SafeGuard Cyber empowers government agencies to embrace innovation by providing defense, remediation, and governance tools for all your digital channels in a single solution.
Whitepaper: Download the report, "Think Globally Act Locally:
Protecting State and City Governments"
.jpg)