Municipalities are increasingly embracing new technologies. They’re also turning to the smart city concept to optimize their activities and improve the well-being of citizens. As a result, citizens get to benefit from several online services (e.g., filing permit applications or paying property taxes). But the proliferation of these portals also increases the risk of cyberattacks. And that's not counting the deployment of all Internet of Things (IoT)-based devices.
The key to protecting oneself from cyberattacks remains prevention. The journey to protecting your municipality's systems, data, infrastructure, and integrity requires the deployment of considerable resources and the multiplication of small, well-targeted actions at regular intervals. But don’t worry: protecting your municipality from a cyberattack is easier than finding Waldo! Here are eight actions you can take to help guide your teams in the fight against a potential attack!
Cybersecurity: 8 best practices to implement
1 - Assess critical risks to your organization
First, identify the critical information and systems that underpin the proper functioning of the municipality. According to a recent survey by KPMG (in French only), nearly three-quarters of responding companies said their information and operational technology systems make them vulnerable to cyberattacks. Are yours more up to the task? This is the starting point for identifying the actions to be taken. Your resources—financial and human—must prioritize these critical points.
According to an analysis published by the firm Gartner in 2016, organizations should spend 4% to 7% of their information technology (IT) budget on cybersecurity. Now seven years later, this figure probably needs to be increased, but it nevertheless has the merit of offering you a point of comparison between your current investments and those you should be making.
2 - Identify potential threats to cities
When it comes to cybersecurity, you need to be well informed at all times. Stay up to date on current cyber threats to organizations. Whether it's by participating in recurring IT-related events or viewing alerts broadcast by the Canadian Centre for Cyber Security, get all the information you need and stay vigilant. New threats emerge regularly...
Remember that an attacker only needs to find one vulnerability to exploit it. Municipalities, on the other hand, must constantly be on the lookout for potential breaches and conduct 360-degree audits themselves, knowing that some of their critical infrastructure could be at risk. To protect yourself, learn how to identify the attack strategies of hackers.
3 - Deploy cybersecurity business training
It’s the very essence of ransomware and phishing: an employee inadvertently clicks on a harmful link or file… and the problems ensue! It is therefore crucial for municipalities to pay special attention to protecting their network, raising their staff’s awareness of cybersecurity, and providing training in the matter. According to the afore-mentioned KPMG survey (in French only), only 38% of respondents asserted that they had received adequate training for recognizing such attacks. It’s your chance to stand out!
So, what topics should be discussed at these training sessions? Choosing strong passwords, recognizing harmful emails and links, and safe usage of social media are a few ideas that come to mind. The goal is to ensure that everyone is prepared to prevent any potential cybersecurity incidents.
4 - Communicate the game plan in the event of a cyberattack
Municipalities should think of cybersecurity incidents as being inevitable. They therefore need to have an intervention plan in place to ensure maintenance and resumption of their activities. And in order for these policies and protocols to be effective, it is essential for all levels of the organization to have the necessary information. Set up a list of employees involved in the management of a potential cyber incident. Ensure the roles and responsibilities of each person are clearly defined.
There should be only one person responsible for handling communications in a crisis. This person should be able to explain all concepts specific to the technologies involved in laymen’s terms. They also need to be aware of the legal obligations of municipalities with regard to protecting personal information and the disclosure of any type of breach. Law 25 (the Act to modernize legislative provisions as regards the protection of personal information) sets out new obligations for public organizations with respect to personal information.
5 - Adopt basic security best practices
A set of small gestures is often the first line of defense for organizations. Ensure that the basics of IT security are adopted at all levels of the hierarchy. For example, have a clear policy on the length, complexity, and reuse of passwords. Or, take a stand on the use (or non-use) of a password manager.
Multi-factor authentication is also a way to reduce the risk of intrusion. This method combines the use of a password with a second security step: sending an app-generated code or receiving an automated phone call to a specific device, for example.
To reduce cybersecurity risks, your IT teams can also enable automatic updates for all software and IT systems used. Videotron Business’ cloud solutions for businesses filter apps and web pages and block the latest global threats with automatic updates.
6 - Back up all your data
Backing up data is an essential part of ensuring the rapid recovery of your operations, not only following a cybersecurity incident, but also following equipment breakage or theft. There are many causes of data loss, and accidental deletion of files is one of them.
Creating backups of data stored on-premises, in off-site locations, and in the cloud is recommended. Now more than ever, municipalities need to put in place technologies, rules, and procedures to protect all of their data. However, this data protection task can quickly become complex and expensive: data volumes are rapidly doubling and compliance with standards can also be a challenge. So don't hesitate to call on a trusted partner to remedy such a challenge.
7 - Consider purchasing a cybersecurity insurance policy
A municipality that is the victim of a cyberattack must take considerable resources to recover from it. The financial consequences of a cyberattack on your organization can be disastrous. The protections offered by cyber risk insurance are a bulwark against asset damages.
In August 2021, the Insurance Bureau of Canada (IBC) revealed that 24% of businesses have purchased cyber insurance that is part of a comprehensive coverage or, in 15% of cases, a piecemeal plan. So that's another good practice to consider. However, since the launch of this type of insurance policy, premiums have skyrocketed!
8 - Put your response plan to the test
Is your response plan in the event of a cyberattack well thought out? To find out if it holds up, it's best to put it to the test by simulating an attack . . . before one actually occurs. This type of exercise must be done on a regular basis. So prepare different scenarios for responding to potential incidents and sharpen your staff's reflexes in such circumstances.
Cybersecurity: technological solutions at your disposal
Beyond the best practices to adopt, there are also turnkey technological solutions to strengthen the cybersecurity of municipalities. Videotron Business' managed services free up your internal resources to focus on what really matters: your organization's mission. So, do you need a drop of magic potion to beef up your defenses against hackers? Here are three technologies to consider right away.
-
Protection against DoS attacks
A denial of service (DoS) attack involves flooding servers with heavy traffic in an attempt to drain a company's or municipality's resources and bandwidth. As a result, the targeted system becomes overburdened and unable to respond to the legitimate demands of citizens.
Rest assured: Videotron Business' DoS protection service intercepts and neutralizes malicious attempts to overwhelm your systems.
-
The virtual private network
Working remotely is now a well-established practice. This expansion of the IT perimeter leads to an obvious increase in vulnerabilities and risks of cyberattacks. And this is where a virtual private network, or VPN, is able to guarantee your IT security.
The VPN offered by Videotron Business uses an encrypted remote connection protocol to the company's servers. It's a kind of secure extension of the internal network that allows employees to access applications and data that they normally have access to in the office, from any authorized device connected to the Internet.
-
SD-WAN technology
Do you want your municipality to be able to operate as if all its employees are grouped together at the same address, even if their offices are spread across the city? SD-WAN technology (meaning Software-Defined Wide Area Network) makes it quick and easy to add new sites to the organization's network, without having to worry about which Internet service provider is located at each of the addresses in question. Videotron Business’ SD-WAN solution is therefore a very effective way to create a single large unified virtual network, through the use of high-performance software.
Good practice
Contact us today to protect yourself from potential attacks!
30 november 2023, By Videotron Business