By Stephanie Helm, Director, MassCyberCenter at the MassTech Collaborative
As we modify our work practices to operate remotely, cybersecurity must continue to be an important element of municipal safety and security. Cyber adversaries look for opportunities in uncertain times to launch a scam or sneak into a network. For example, we have seen false links purporting to be related to the COVID -19 crisis to lure a “click” which downloads malware, and we have seen distributed denial of services or DDOS attacks against key government web sites.
While our attention is focused on responding to the immediate needs of our citizens, we should recognize these realistic cybersecurity risks.
As your workforce transitions to remote working, below are a few tips to help municipal leaders and your employees establish sound practices to support cybersecurity. We’ve also included links to trusted resources that you and your staff can look to for further guidance.
Municipal Leaders
- Clearly articulate the importance of maintaining cybersecurity best practices during remote operations. Encourage vigilance and good cybersecurity hygiene in this new operating environment. If you make this part of your expectations, you will continue to support the Commonwealth’s commitment to cybersecurity resilience.
- Keep in contact with employees to ascertain “how is it going?” from a technical perspective. Ensure that contact information for your “helpdesk” or IT support personnel is available.
- Encourage “see something, say something” to promote cybersecurity vigilance. This will avoid employees trying to solve problems themselves which may introduce practices dangerous to cybersecurity.
- Engage your IT team early to support hardware, software, and licensing requirements. Ask about cybersecurity risks specifically.
- Public records requirements are still valid for municipal business done remotely. Ensure your employees understand these requirements and maintain continuity on the remote systems.
Employees
- Use government-issued devices which are compliant with municipal IT systems and applications.
- Do not use personal email accounts, instant messenger, or texts to conduct municipal business. Public records requirements are still valid for municipal business.
- Continue to abide by municipal cybersecurity precautions. Continue password management, avoid clicking on links which may download malware, and be on alert for social engineering scams.
- Protect your government-issued equipment and secure it when not in use.
- Do not loan your government-issued equipment to others.
References for teleworking support
- CIS Controls Telework and Small Office Network Security Guide: https://www.cisecurity.org/white-papers/cis-controls-telework-and-small-office-network-security-guide/
- NIST Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security: https://csrc.nist.gov/publications/detail/sp/800-46/rev-2/final
- Telework.gov: The Guide to Telework in the Federal Government outlines practical information to assist Federal agencies: https://www.telework.gov/guidance-legislation/telework-guidance/telework-guide/guide-to-telework-in-the-federal-government.pdf
- Telework.gov: Security and IT: https://www.telework.gov/guidance-legislation/telework-guidance/security-it/
###