Jeffrey Ziplow, MBA, CISA, CGEIT
Partner

Data breaches at large multi-national corporations that put consumers’ personal information at risk have become increasingly common. In recent years businesses such as Anthem, Sony and Target have all been thrown into crisis thanks to hackers breaking into their systems, gaining access to protected information and causing widespread panic.

Businesses have responded, as they should, by beefing up their security systems and putting new mechanisms in place to prevent those who wish to do harm from doing so, and in many instances the added measures have greatly improved security and given consumers peace of mind.

But organizations other than businesses continue to be at risk. Municipalities, school districts and not-for-profits all store large amounts of vital personal information and, unlike with businesses, it’s not just financial information that could be at risk. There is a large amount of personal information (social security numbers, health records, etc.), along with other information covered by additional compliance standards, that needs protection.

How Can Cities, Towns, Schools and Non-Profits Protect Against Cyber Attacks?

The good news is that municipalities, school districts and not-for-profits do not have to live in fear that their information is vulnerable, nor do they need to feel unprepared for a cyber attack. Clearly the best way to alleviate these concerns is to put in place comprehensive cybersecurity measures that will keep the would-be thieves out and the information safe. The only caveat is that municipalities, school districts and non-profits can’t wait for a breach to occur; they need to act immediately to put the right preventive mechanisms in place, before those who seek to disrupt and cause chaos get their chance.

So what can be done to prevent a cyber attack in these critically important areas? There are plenty of measures that can and should be put into place.

Technology Risk Assessment and Security Check-ups

It begins with an initial technology risk assessment, which determines exactly what information asset(s) a municipality, school or non-profit has and where the vulnerable areas are. A thorough inventory of all security systems will provide the roadmap needed to secure that information, and once it is complete, the entity will have an understanding of what security protocols are working and what needs to be strengthened.

From here, security checkups can be routinely administered, followed by the implementation of protocols to reduce the risk of attack and then even a simulated attack (think of it as a “test run” or a fire drill) to see how these new systems are working. Advanced testing can also be considered, such as wireless security, phishing assessments and penetration tests, as well as a complete organization-wide update on the latest in malware and ransomware viruses.

Data Encryption

One critical step that has worked for businesses and can work equally well for municipalities, school districts and non-profits is data encryption. This technology is basically a tool that scrambles information so that it can only be read by someone who knows the encryption key and otherwise becomes utterly worthless to people looking to steal it. The key is identifying where the critical information exists and figuring out ways to encrypt it so that it cannot be used by outside parties. While this has now become commonplace in the business world, public and not-for-profit entities are not quite as far along in implementation, which adds to the urgency.

The Future is Cybersecurity

Cybersecurity is a global concern today, and with good reason: cyber attacks occur tens of thousands of times a day across the nation and the world. While the question once was, “Could we be attacked?” it has now become more ominous, “When are we going to be attacked?” And in some cases, the attacks have already happened, or are imminent. But the risk reduction measures already put into place in the business world need to be incorporated into municipalities, schools and non-profits and work with equal effectiveness.

Times have changed and our public and non-profit entities need to change with them. While many people may prefer not to think about it, their personal information is more at risk than ever to outside attack; it is no longer just a paper form sitting in a locked file somewhere, but rather digital information that without proper security can be stolen and shared worldwide before the victim is even aware.

Much like businesses have done in the past few years, municipalities, schools and non-profits can take swift, responsible action to protect this highly sensitive and personal information that they store. And once that happens, everyone can sleep better at night knowing they are much safer from potential harm than they were before.

How BlumShapiro's Cybersecurity Team Can Help:

Could your organization be vulnerable to a cyber attack? What is your current exposure? How would your business continue to function in the event of a breach? Our cybersecurity experts can help you address the vulnerabilities and risks your organization faces against cyber security threats. Remember, the costs of developing a security strategy you feel confident about are minor compared to the potential financial and reputation risk if an attack or breach occurs.

Advisors | Auditors | Consultants | CPAs – BlumShapiro is one of the premier consulting firms in New England and a Top 100 CPA Firm in the U.S. Our professionals serve companies in Boston (MA), Hartford (CT), Cranston (RI), Shelton (CT) and Quincy (MA) with technology consulting, business valuations, litigation support, project management, process & controls and bankruptcy consulting services. We are an Intacct Partner offering accounting software including Cloud ERP solutions.