How do you know if your computer systems or physical oﬃce space is at risk for cybersecurity threats and intrusions? Before throwing up your hands and hiring a vendor, you can use lots of free resources designed to help anyone from novices to experts better understand their technological footprint. You don’t need any special training or knowledge to be proactive today. We have compiled a few resources to help you get started. Approach this as an internal audit to learn about your systems. There are checklists available online that mimic those used by technology and cybersecurity ﬁrms. For more information on security audits as well as technology and cybersecurity services, view the links at the bottom of this page.
The first step is to inventory your municipality’s digital and paper assets. This includes systems and hardware used by oﬃcials who conduct business outside the town office (such as individuals who send town-related emails from personal email accounts using his or her home computer).
General Asset Sample Inventory Questions
- What kinds of records do you manage?
- What format are they in?
- How are they stored?
- What software and hardware are you using?
- What digital security measures are you currently aware of that are in place? (examples include: virus software, password managers, multi-factor authentication, etc.)
- How is your physical workspace set up? What kinds of security do you have in place for physical assets? (sign in sheets for visitors, key cards, video cameras, etc.
- Who has access to your systems, oﬃce space, and passwords?
- Do you have a technology use/cybersecurity policy? Is it up to date
- How often, if ever, do you or your staﬀ receive training? Who conducts it? What topics?
Review the guidance, checklists, and samples via the links below to customize your own assessment.
Understanding your systems will help you better assess the security currently in place as well as what may be needed. Next, identify questions you have about those systems and assets to share with internal staff or vendors responsible for you municipality’s technology security. We have provided a list of resources below to help you in start this process.
Conducting an internal audit prior to engaging an IT service provider or with your current vendor can be helpful: check out the VLCT Information Technology Audit - Learn About Your Risk resource below for some vendor information, useful tools and guidance on conducting an IT audit.