When we were developing the curriculum for our Resiliency Academy last year, we were somewhat hesitant about focusing on cybersecurity for an entire session. The concept of resilience is broad, and includes many different topics, so we debated spending one of five sessions focusing on cybersecurity. However, it has become increasingly clear how important it is for businesses and municipalities alike to plan for cybersecurity threats. Recently, the Town of Peterborough was the target of a cyber attack resulting in a loss of $2.3 million. Cybersecurity attacks are not limited to impacting only corporations and businesses.
During our Resiliency Academy, we were joined by a panel of cybersecurity experts moderated by Julie Demers, Executive Director, NH Tech Alliance. Panelists included Jacob Blacksten, Digital Solutions Manager, Delaware Small Business Development Center; Sonja Gonzalez, Chief Information Officer, City of Rochester; and Jeremy Hitchcock, Co-founder, Dyn; Co-founder, Minim. We gleaned a number of tips and recommendations from the panelists. Here’s some of the key takeaways:
Businesses and communities, no matter the size, are at risk. A lot of people think they don’t have enough interesting information to access. Hackers are going after everyone, and many are programmed bots looking for an open door.
Cybersecurity is a key component of preparing for disturbances and disruptions. The onset of the pandemic led to an increase in remote work. Having employees already set up to work on mobile devices is important for a seamless transition to remote work. Ensure staff have devices and are able to access the VPN and any other systems necessary before a disturbance.
Humans are the biggest weakness in cybersecurity systems. A lack of cybersecurity awareness and human error can lead to issues. Working in the virtual environment and relying on different ways to communicate can open the door to cybersecurity attacks.
Staff training on cybersecurity is key. As humans are the biggest weakness, it is important to take time to train staff, especially on phishing emails. Some emails are clearly spam and others are more challenging to discern. Staff should learn to read emails carefully, detect and question emails that are suspicious.
Use multiple methods of communication. Using other methods of communication besides e-mail can help staff verify suspicious looking emails. For example, create a Slack or Microsoft Teams channel to share emails that look suspicious.
Build a culture of cybersecurity awareness. IT staff should not be the only staff working on cybersecurity, all employees should be engaged. Employees should understand the importance of cybersecurity precautions.
Start developing a cybersecurity plan. While it may seem daunting to develop a cybersecurity plan for your business or community, it is an important first step. Plans don’t have to be completed 100% and can be developed over time. It’s not necessary to have a lot of funding to work on cybersecurity. Take small steps and continue to work and improve cybersecurity systems.