Since March 2020, the open internet is both the backbone and 'Achilles' heel of every municipality. Many municipalities are/were forced to work remotely, and this trend is likely to continue and even accelerate.
As an IT Director, you must always ensure the internet use policy in your org is employed for email, meetings, and contracts. If you’re using a filter or proxy for internet access/usage, implement regular reviews to make sure it’s up to date and functioning properly.
Pro Tip: Remove internet access from servers (unless restricted) with only specific exceptions to services requiring internet access. Block and close each un-needed port for the day-to-day workloads of each server. In particular, make sure the commonly exploited protocols cannot be used externally (SMB, LDAP, SSH, FTP).
Network Monitoring and Detection
Monitor closely the internet-facing servers and Internet traffic using dedicated solutions
Verify the GEO blockings are indeed enforced by your Firewall (in many cases, the bad actor still find their way in)
Use a next-gen NDR solution to analyze your network data and detect sophisticated threats, in particular, make sure to have a detection solution looking at your East-West traffic (internal servers)
Municipality employees can be your strongest defense against cyberattacks - or can be an easy back door into the network. This depends on you and your cybersecurity strategy. One time a year is not enough in 2021 to train your employees for a baseline of cyber-defense strategies. Make sure that employees aren’t checking emails, doing personal things, or aimlessly browsing the web (besides for wasted productivity ;-) from servers, or especially aren’t using admin access/privileges. Create a Cyber-First organization culture. Even in the worst-case scenario, creating this proactive approach will minimize the impact of attacks in the event user details get compromised.
Pro Tip: Implement regular, monthly training for your employees. Remember that the employees are the first line of defense - they are your gatekeepers. Keep them up to date with a proactive cyber-defense strategy.
This is the easiest way for an IT Director to fail, and it’s all too often overlooked. It’s crucial to use non-standard, multi-character passwords. Never rely on defaults, especially for any IoT equipment like printers, smart cameras, network devices, etc. If feasible, try to use password manager software like Roboform or Nordpass.
Pro Tip: Use password manager services, enforce strict password policies and add a list of blocked passwords to the active directory.