Understanding the risks associated with vulnerable municipal board communications

Breaches in municipal board communications can lead to compromised sensitive data, legal challenges and erosion of public trust. City and county managers, clerks and council members need to be on top of the risks of insecure municipal communications and how they can safeguard the integrity and confidentiality of crucial municipal matters.

By understanding the risks and what you can do to mitigate them, you can proactively implement more robust cybersecurity measures. This ensures the confidentiality, integrity, and availability of vital municipal information while upholding the transparency and accountability that your constituents rightfully expect.

Don’t underestimate the value of a board management solution when it comes to securing municipal board communications. It serves a two-fold purpose: mitigating the risks associated with insecure communications, and also creating efficiency across different tasks and processes.

Risks of insecure board communications in local government

In early cyberattacks, cybercriminals centered their focus on banks and large corporations. As warnings about cyberthreats permeated the financial sector, banks and other strong institutions invested more of their money in cyber defense efforts, creating larger barriers to attacks. At that time, cybercriminals that attacked government sites did so primarily with political motivation.

Cybercriminals started looking for low-hanging fruit as their prospects for big financial enterprises began to dwindle. Smaller targets, including municipal governments, have fewer defenses, which makes them easier to break through.

Small corporations and local governments follow the same governance principles as larger corporations. The Securities and Exchange Commission (SEC) has issued strong suggestions for corporate boards to actively engage in cybersecurity measures. The SEC makes it clear that corporate directors bear the responsibility for preventing cyberattacks. The same holds for municipal councils. Cybersecurity management for municipal boards means secure council meetings and communications.

6 risks of insecure board communications

Electronic communication carries a degree of risk. As municipalities undergo digital transformation, they are communicating digitally more often, which creates more risks that may be overlooked.

Here are six risks of insecure board communications that municipal council members should be aware of:

1. Data breaches and cyberattacks: Board communications are a prime target for hackers. Inadequate security measures around your communications can lead to data breaches, potentially exposing sensitive information, confidential documents, and constituents' personal data. Vulnerable communications can attract cyberattacks, ransomware, phishing attempts, or malware, which can disrupt municipal operations and compromise data integrity.
2. Financial impact: Addressing the aftermath of a security breach can be very costly. When you consider the expenses related to investigations, data recovery, legal fees, and potential fines, the costs add up quickly.
3. Reputation damage: A security incident can tarnish a local government’s reputation, impacting its ability to attract investments, engage with the community, and retain qualified staff.
4. Unauthorized access: Weak access controls may allow unauthorized individuals to gain entry to board communications and potentially tampering with, or steal, sensitive information.
5. Privacy violations and legal/regulatory noncompliance: Breaches of confidentiality can harm the privacy of council members, employees, and constituents, eroding trust in the local government. Failing to secure communications may result in noncompliance with data protection laws and regulations, leading to potential legal consequences.
6. Loss of public trust: Security vulnerabilities can damage the public's trust in the local government's ability to protect sensitive information and make informed decisions.

With so much at stake, local government councils should implement robust cybersecurity measures to mitigate the risks. To protect council communications and uphold the integrity of their operations, councils must place a strong focus on encryption, access controls, employee training, and regular security assessments.

Risks of data breaches and recent cyberattacks

Municipal governments control access to critical data and systems, and they reach a broad base of citizens, making them a prime target for hackers. Municipalities routinely store personal and financial information on residents and government employees, which is a treasure trove for hackers. Local governments are also responsible for overseeing the many facets of local infrastructure that are vital for local safety and economics.

Municipal governments not only need to protect themselves against serious threats from outside actors. They also face threats from internal sources due to negligence, incompetence, or internal crimes.

Unfortunately it looks like the trend in cyberattacks against municipal governments will continue to rise in prominence and frequency, as at least one study shows. Public administration stands out as the most targeted industry in the 2023 Verizon Data Breach Incident Report. There were 3,270 total cybersecurity incidents between November of 2021 and October of 2022, which is the highest of all industries in the study. The report shows 582 data breaches in this segment, again the highest number for any sector in the report. What is even more concerning is that many attacks go unreported, so the number of breaches is likely higher.

Recent cyberattacks on local government

On February 8, 2023, cybercriminals launched a ransomware attack in Oakland, CA that crippled city systems. The attack exposed Social Security numbers, driver’s license numbers, birth dates, and home addresses. Information about the current and former mayors was also exposed in the attack.

Chicago Public Schools learned of a ransomware attack that impacted their data in April of 2022. The attack originated with a third-party vendor called Battelle for Kids. The personal data of nearly 500,000 students and 60,000 employees — including Social Security numbers, addresses, health data, and financial information — was exposed in the attack.

In another event, the hacker group Royal took responsibility for a cyberattack on the City of Dallas in May of 2023. The attack impacted more than 26,000 people whose Social Security numbers, medical information, and health insurance information were compromised. The attackers threatened to leak the data on their blog.

The costs of bringing systems back after a security incident are high. With threats constantly looming, municipal governments should take steps to prevent the loss of sensitive, private data and unauthorized access to their local government infrastructures.

As governments move toward smart city technologies, local governments also need to be proactive about identifying new types of threats in their quest to protect citizens. For example, cybercriminals could attack a digitally based tax collection system, which could cost municipalities immense amounts of money in damages, not to mention the cost of complicated and time-consuming response processes. The costs of unprecedented, looming threats may be higher and more damaging than what we've seen to date.

Municipal government staff and officials need to work with IT managers to obtain the right programs and platforms that help protect local government systems and their citizens' data.

How board management software can help with local government board communications

Third-party threats and cyberattacks can present a risk of long-term damage that can be difficult for local governments to overcome. Municipal councils are responsible for cyber risk, understanding the legal implications of data compromise, and continually measuring the effectiveness of the municipality's security strategy. There's no question that councils will be left holding the bag if their government institutions get victimized by cybercrime.

While municipal governments can't control the risk of a cyberattack, they can be proactive in preventing risks and controlling their response if an attack occurs. Now's the time to consider the dangers of insecure board communications in all aspects of government business. Implementing a government software solution like Diligent Community is a key defense to help protect your local government from the financial and reputational risk your municipality faces every day.

Diligent Community is a cloud-based board management software offering secure servers and 256-bit encryption, the strongest level of encryption currently available. These elements ensure privacy and security for your council's most confidential and sensitive data.

All data is encrypted, with a daily backup service to help mitigate risks related to sensitive data loss or exposure. Additionally, users can access 24/7 technical support, free of charge.

Leveraging board management software helps local councils mitigate the risks of sensitive data exposure or loss. Security features support and promote cybersecurity procedures that protect sensitive information. Maintaining secure and encrypted digital records, strong recovery methods, and a secure cloud network encourages a culture of strong cybersecurity practices including:

• Application Controls: Robust access controls for logging onto the system, plus in-app role-based security with the ability to limit authorized access
• Logging & Auditing: The application keeps audits that encompass login history and application-level document-sharing audit trails, available upon request.
• Secure Data Hosting: Diligent Community is hosted in Microsoft Azure, with all the protections afforded by a top-tier cloud provider. All data stored is encrypted and decrypted transparently using 256-bit AES encryption, one of the strongest block ciphers available, and is FIPS 140-2 compliant. Data in transit is encrypted using TLS (Transport Layer Security) 1.2.

Diligent Community also offers a highly secure transparency portal, where citizens can safely interface with their local government using a secure platform.

Cybersecurity must be an ongoing process, and vigilance is the key to safeguarding local government systems and data. Using board management software such as Diligent Community is a cost-effective and efficient solution to assist in the fight against local government cybercrime. It helps provide the necessary strong security, transparency, and accountability to your organization.

See how Diligent Community can help strengthen your government organization’s cyber resilience. Request a demo today.