In 2023, the city of Oakland experienced a ransomware attack that disrupted multiple city services, leading to data leaks of sensitive employee information. In the same year, the city of Dallas faced a similar ransomware attack that crippled IT systems, which could have been prevented by stronger authentication measures and better incident response planning. In another recent attack, the city of Lowell, Massachusetts experienced a phishing attack that compromised email accounts and exposed sensitive information.

To make things worse, over the last year, advancements in AI have significantly “improved” the tool chest available to cyber criminals, enabling them to launch more sophisticated and targeted attacks than ever before. These tools have enabled cybercriminals to automate various aspects of their operations, including reconnaissance, attack execution, and evasion techniques so that they can now leverage AI algorithms to analyze vast amounts of data, identify vulnerabilities, and exploit holes with precision and speed.

Public sector organizations are particularly prone to cyberattacks due to a combination of factors including the vast amount of sensitive and valuable data they hold, the presence of often outdated, legacy, or poorly maintained IT infrastructure, and limited budgets that restrict investments in robust cybersecurity measures. Additional risk factors include the criticality of public services, leading to a higher likelihood that ransoms will be paid quickly and the presence of diverse recordkeeping and security practices across multiple departments or divisions, leading to increased vulnerability to sophisticated attacks.

Against this backdrop, it has become increasingly important for public sector organizations to ensure that their Enterprise Content Management (ECM) systems are equipped and deployed with robust security attributes and that their staff adheres to information governance best practices.

Practically, this means that, in addition to deploying security measures such as strong authentication and access control mechanisms (e.g., multi-factor authentication and role-based access controls), filtering, data encryption, automated alerts and monitoring, and cybersecurity training, public sector organizations must “bake-in” information governance best practices into their ECM system configurations.

Broadly, these practices include:

Clear “Importance-Based” Policies for Data Classification, Retention, and Disposal: Municipalities should establish and enforce clear records management policies that classify data in the ECM system based on sensitivity and importance. For instance, public records, financial data, and personal information should be categorized separately with specific handling protocols and based on retention schedule requirements.

Training and Policy Development: Municipalities should create an ECM-system handbook that outlines data handling protocols, encryption standards, and steps to report security incidents and supplement the handbook with training sessions and testing to ensure staff understand and adhere to these policies. These sessions can include workshops, online courses, and simulated scenarios to reinforce learning.

Incident Response and Disaster Recovery Plans: Given the types of ECM-system data managed by municipalities (and its sensitivity), municipal teams must be able to swiftly and effectively respond to cyber incidents, so that they can minimize damage and recovery time. These plans should include a dedicated incident response team, advanced threat detection systems, protocols for threat containment and eradication, regular data backups, system redundancy, and detailed recovery procedures as well as regular testing.

By incorporating these security attributes and adhering to information governance best practices, municipalities can significantly bolster the security of their ECM systems, thereby cost-effectively reducing the risk of cyberattacks like spoofing and spear phishing.