Jill Holtz

Content Strategy Manager

The human factor: Educating local government council members on cybersecurity

As a local government council member and decision-maker for your community, you likely handle sensitive information related to your constituents, community and operations on a regular basis. Unfortunately, this makes you a prime target for cyberattacks.

Cybersecurity education is a key tool in the fight against cybercrime. Equipping council members with cybersecurity knowledge and best practices not only safeguards critical data, but also empowers them to make informed decisions on cybersecurity policies, budgets and risk mitigation strategies.

On top of that, an educated local government council is better positioned to lead by example, champion cybersecurity initiatives and foster a culture of cyber resilience throughout the organization.

As cybersecurity threats become increasingly sophisticated and widespread, investing in the education of council members is a crucial step in protecting the integrity, confidentiality, and availability of essential government services and information.

Challenges with council members and cybersecurity

Local government council members may encounter several challenges in understanding cybersecurity and its relevance to their roles:

• Limited cybersecurity background: Many council members may not have a background in cybersecurity or IT, which can make it challenging to grasp complex cybersecurity concepts and threats.
• A rapidly changing threat landscape: Cyberthreats evolve rapidly, and council members may struggle to keep up with the latest trends and vulnerabilities.
• Time constraints: Council members often have demanding schedules, and finding time for in-depth cybersecurity education can be difficult, leading to gaps in their understanding.
• Technical jargon: The technical terminology and jargon associated with cybersecurity can be daunting and confusing for those without a technical background.
• Resource constraints: Local governments, particularly smaller ones, may have limited budgets and resources to allocate to cybersecurity training and awareness programs.
• Compliance complexity: Understanding and complying with cybersecurity regulations and standards can be complex and time-consuming.
• Balancing priorities: Council members must balance cybersecurity concerns with other pressing issues, such as public safety, infrastructure, and budgets.
• Overreliance on IT Staff: Some council members may assume that cybersecurity is solely the responsibility of IT professionals and fail to recognize their own role in governance and oversight.
• Lack of awareness: Council members may not fully appreciate the severity of cybersecurity threats or the potential consequences of a breach.
• Cybersecurity fatigue: Council members may experience "cybersecurity fatigue" due to the constant stream of security alerts and threats, leading to complacency or indifference.

Cyber risks in local government

The growing dependence on technology for administrative tasks, service delivery and communication has made our local government institutions vulnerable to cyberattacks.

Meanwhile, your board has to make an array of decisions that affect the district and its stakeholders. Board communications, data handling and information security all come into play here.

Consider these scenarios:

• A board member emails a document with unencrypted sensitive data to the administrator.
• Documents containing sensitive data are stored on a file-sharing app that is hacked or accidentally posted in an insecure location.
• A board member falls victim to a phishing email that appears to be from a trusted source, but is actually a malicious attempt to steal login credentials or distribute malware.
• Plans for a new policy are accidentally shared online before legal review has taken place.
• A council member uses a weak or easily guessable password for their email or document-sharing accounts.
• During a board meeting, a member shares confidential documents with the wrong person.

The risks associated with board communications, data handling, and information security within local government organizations can also be problematic. For example:

• Council members often communicate sensitive information electronically, and without proper encryption or secure channels. This data can be intercepted or compromised.
• Council documents can contain very sensitive data, which makes them attractive targets for cybercriminals seeking to steal or exploit this information.
• Inadequate data handling practices and security protocols can lead to data breaches with far-reaching consequences.
• Document and file-sharing without proper permission controls not only poses security risks but also raises governance, compliance and reputation issues for local councils.
• Beyond data security, the reliability of board operations and decision-making can also be compromised, as cyber incidents may disrupt critical processes and hinder effective governance.
• The damage inflicted by breaches extends to the local council’s reputation, eroding trust among stakeholders. This can have long-lasting implications for your district's standing and credibility.

Training and technology can be used to mitigate cyber risk

To address these challenges, local government council members can benefit from tailored cybersecurity education and training programs that provide them with practical, non-technical insights into the importance of cybersecurity, its relevance to their roles, and actionable steps they can take to enhance the security posture of their local government.

Collaboration with cybersecurity experts and IT professionals can help bridge knowledge gaps and develop effective cybersecurity strategies within local government bodies.

The good news is that board management software is also a powerful ally in mitigating cyberthreats, offering an innovative solution to strengthen your security education, streamline governance processes and foster resilience in the face of digital challenges.

Board management software aids in secure data handling, communication and collaboration, and can also support your cybersecurity education efforts:

• Board management software can be used as a platform for key cybersecurity training materials.
• Cybersecurity resources, articles and best practices can be curated within the software.
• As new council members join, they can access all the materials to make sure they are up to date on your organization’s cybersecurity best practices.
• You can provide access to webinars and workshops on cybersecurity for council members.
• Interactive tutorials, quizzes and resources on cybersecurity can be provided within the software to engage and upskill council members.

Board management software fosters continuous learning and engagement for council members with convenient, easy access to all cybersecurity materials.

Secure messaging and file-sharing features within the board management software help prevent unnecessary and insecure communication or unwanted cyberattacks.

Board management software such as Diligent Community also incorporate role-based access controls, permitting only authorized individuals to view, edit or share specific documents or information. This granular control helps maintain data integrity by preventing accidental or malicious breaches.

Secure communication channels protect confidential council discussions, all helping to promote a culture of secure data sharing among council members.

Equipping local council members with secure tools to upskill and stay safe

Ultimately, by incorporating board management software into their governance processes, local government organizations can enhance their data security and privacy measures, instilling confidence in their stakeholders while effectively safeguarding sensitive information.

If you haven’t already implemented board management software, now is the time to equip your local council members with secure tools to acquire the knowledge they need to be cyber-savvy and to protect sensitive information.

Adopting board management software like Diligent Community helps local councils to integrate ongoing training on cybersecurity best practice into daily council business, and to mitigate those risks. The right security features, along with daily backups, support and promote practices that protect the sensitive information of your district, while providing your council members and administrators with a seamless, streamlined tool to share and access pertinent information.