Improve your cybersecurity without breaking your budget

Last month, President Biden warned that Russian cyberattacks on American companies were coming, and he urged them to harden their defenses. In separate news earlier this month, the FBI reported that local governments—and the critical services they offer—are becoming attractive targets for cyber criminals.

Warnings like these can leave small local governments stressed and overwhelmed as they try to balance the need for increased cybersecurity and finding funds to pay for it. What you may not know is that help is available to your government at little to no cost, and you can get started today! We've identified three important steps you can take to defend your government against cybercrime. You will find additional resources in our new guide.

1. Strengthen your cyber defenses. You need to stay informed of current threats because they change constantly. That's why we recommend you become a member of the Multi-State Information Sharing and Analysis Center (MS-ISAC). MS-ISAC distributes cybersecurity advisories with timely information about vulnerabilities in software and hardware; it also gives members access to a library of cybersecurity resources. Funded by the Department of Homeland Security, MS-ISAC offers immediate help to your government if you experience an incident, and most of its services are free to local governments! Sign up for MS-ISAC today.
2. Train your employees. It's not enough for IT staff to track cyberattacks: your employees must also be aware and mindful of online threats. Phishing emails are one of the top methods attackers use to gain access to your computer systems. Training employees to recognize phishing emails reduces your chances of being a victim of such attacks. Many organizations offer free cybersecurity training to local governments. FedVTE's cybersecurity training website offers free, online, on-demand courses, including basic training for managers and more technical training for IT staff. You can sign up here for the FedVTE resources. Additionally, the National Cybersecurity Alliance has short, fun, cybersecurity awareness videos that engage as well as educate your employees. You can review the organization's free videos here and send links to your employees to reinforce the importance of staying vigilant against online threats.
3. Create strong IT security policies. When leadership crafts and endorses strong IT security policies, they help ensure the organization adheres to any applicable laws and required regulations. It also allows you to create an organizational culture that emphasizes the importance of cybersecurity. The Cyber Readiness Institute offers short courses to help you develop and implement policies in just a few weeks. When you complete the Institute's cyber readiness program, you will have a baseline survey of your government's password policy, phishing awareness and software update practices. The Institute also offers a certification program aimed at managers and executives. It can teach you how to implement cybersecurity change within your organization, identify and prioritize resources, and consider third-party vendor management. You can enroll in these programs here.

These are just a few of the free and low-cost resources available to local governments—of any size—to help you improve your cybersecurity posture. Our new resource contains more information to help your government improve its cybersecurity practices without breaking your budget. You can also find additional information on SAO's #BeCyberSmart webpage, including information on cybersecurity for your specific role in government, such as facilities and operations, finance and administration, or legal and compliance.

How to reach us for more assistance

Do you have questions about cybersecurity? SAO's Center for Government Innovation has a cybersecurity specialist available to talk with you about best practices and resources. For assistance, reach out to us at Center@sao.wa.gov.