skip navigation

5 Ways Local Government Managers Can Support Cybersecurity Efforts

July 20, 2015 by Josh Mahar
Category: Cybersecurity

5 Ways Local Government Managers Can Support Cybersecurity Efforts

Over the past few months MRSC has been working with the support of the State Auditor's Local Government Performance Center to help local governments improve their cybersecurity. The culmination of that effort is our new Information Security Assessment Tool, a one-of-a-kind resource that allows local governments to measure their current cybersecurity maturity and to plan for attainable and effective actions to increase that maturity.

Interestingly, while developing this tool, one of the common themes we heard from IT staff in our survey and focus group research was the desire for non-IT management to be more engaged in cybersecurity. While respondents were pleased that local government managers understood the severity of this growing issue, they also said that implementation is often left entirely to technical teams and IT staff to handle. Unfortunately, the reality is that cybersecurity is not just an IT issue. Without managerial support, cybersecurity efforts are often ad hoc, slow, and dispersed, making them much less effective than they could be.

To get you more engaged, we've put together this list of ways that you can help support and foster cybersecurity efforts within your agency.

1. Bring All Stakeholders to the Table

One of the most important things that local government leaders can do is to communicate to the entire agency that cybersecurity isn’t just an “IT Issue”. As savvy as an IT team may be, technology is pervasive in nearly every local government operation, making every staff member a potential cybersecurity risk. Thus, it is management’s job to foster cybersecurity discussions across your departments, helping get everyone talking and acting on the same page. 

2. Clarify Roles and Responsibilities

In some instances, it may make sense for your organizational-wide IT team to handle security, but, at other times, individual departments will play a critical role.  Make sure your frontline departments have considered cybersecurity issues before committing to a new software application or adopting an e-government practice. Having these conversations and explicitly spelling out the responsibilities of various teams and individuals will help ensure that tasks are getting done and that your agency is well prepared for a cyber-attack.

3. Establish a Baseline

A critical step to improving cybersecurity is simply knowing your agency's existing risks and security measures. One option for establishing a baseline is using our new Information Security Assessment Tool. There are also many resources for having an outside assessment done, which can be a great option if you have limited internal resources or expertise. But, no matter how you do it, make sure you and other stakeholders are engaged in this process and understand the vulnerabilities as best you can.

4. Develop and Follow a Cybersecurity Action Plan

As they say, “what gets measured gets done;” so if leadership isn’t tracking cybersecurity efforts it’s easy for them to get left behind as employees focus on their day-to-day tasks. Local governments should use their assessment as a focal point to bring together stakeholders and put together an action plan for how to move the needle of cybersecurity efforts forward. Building in a schedule for regular reviews of the plan is also critical to measuring progress and maintaining accountability.

5. Provide Ongoing Resources

While one-time technology upgrades can certainly help your cybersecurity, the bulk of your security efforts comes in the form of regular monitoring and maintenance. So, one of the best things leadership can do is establish an ongoing cybersecurity budget. Industry best practice suggests that agencies should dedicate 7% of an IT budget to security, but even just having some dedicated funds can be a huge help. 

You can also get your legal team involved in cybersecurity with our upcoming webinar: Understanding the Legal Aspects of Cybersecurity.

About Josh Mahar

Josh joined MRSC in September 2013 as the organization’s first Communications Coordinator. His professional experience includes strategic communications work for the Museum of History & Industry (MOHAI), Portland State University, and the Seattle Department of Neighborhoods. Josh has also been heavily involved with local government, working on urban policy issues with Forterra and the Seattle P-Patch program, along with a stint on the Capitol Hill Community Council. Josh has two degrees from the University of Washington, a bachelor’s degree from the Jackson School of International Studies and a master’s degree from the Evans School of Public Affairs.



"Hi Josh, I like the direction of your piece, to add some international perspective, and highlight the growing size of the problem: I was recently reading about the problems businesses face in the UK. The UK Government report found that nine out of ten (90%) large organisation had a breach last year compared to 81% the year before, while small organisations saw a 14% increase in those responding that they had been breached to 74%. Those organisations too are footing massive bills, with costs for the worst incident for large organisations range from just under £1.5 million (£1,455,000) to £3.14 million. For small organisations, the range starts at £75,200 to £310,800. With as you highlight in your piece, one of the primary issues is that staff are not often sufficiently trained, which means that they are easily taken advantage of - with the consequence, breaches. Regards, Peter Source:"

Peter Brown on Jul 22, 2015 11:19 AM

1 comment on 5 Ways Local Government Managers Can Support Cybersecurity Efforts


Blog Archives


Follow Our Blog