4 Cybersecurity Tips for State & Local Governments

Cyberattacks: Threats on the Rise 

When it comes to protecting citizens, nothing is more important than data security. But unfortunately, state and local governments are prime targets of cyberattacks.  

Not only do these nearly 100,000 entities across the United States handle large amounts of sensitive and personal data on a daily basis, but limited budgets mean they often don’t have the in-house IT support they need. These factors make them especially vulnerable to malicious actors, ransomware, and phishing attacks. 

In the State of Ransomware in State and Local Government 2022 report, Sophos reports that 58% of state and local governments were hit by ransomware attacks in 2021 – representing a 70% increase in these attacks since the previous year. 

The same report found that only 20% of government organizations manage to stop these attacks before the data could be encrypted by bad actors, falling behind the industry average of 31%. 

Addressing cybersecurity concerns is not an option for state and local governments. So, what are some practical ways to build a robust Internet safety system? 

Tip #1: Conduct a cybersecurity audit to expose weaknesses. 

It’s difficult to know where to start if you don’t know where your weaknesses are. Consider conducting an audit of your cybersecurity to evaluate the health of your current system and discover weaknesses.  

The NIST Framework is considered the ‘gold standard’ of cybersecurity defense. Check out the NIST website to learn about this framework, as well as gain access to assessment tools that other local governments use to evaluate their cyber health. The closer your government entity comes to meeting NIST standards, the stronger your cybersecurity will be. 

The Cybersecurity and Infrastructure Security Agency (CISA) also provides a wealth of cyber defense resources for state and local governments, including helpful articles, news, and information on how to identify and contact your regional office.  


Tip #2: Adopt the .gov domain. 

StateScoop reported that as of September 2022, only 23% of local governments had adopted a .gov domain. While it may not seem like a critical measure, this domain registration comes with a host of cybersecurity benefits. And, while registering a .gov domain previously had an associated yearly charge, it is now available at no cost to qualifying government institutions. 

As .gov domains are sponsored by CISA, the organizations CISA, NIST, and GSA collectively monitor any issues that may arise within these domains. Multi-factor authentication (MFA) is enforced on all .gov accounts, and users are blocked from using passwords that have been identified in known data breaches.  

To learn more and apply for your .gov domain online, visit here. 


Tip #3: Add a publicly available security contact. 

It is considered best practice to add a security contact to your organization’s website. Usually an alias, such as security@[domainname].gov, these email addresses enable users of your site to report any suspicious activity they observe on your site. This email inbox can be monitored and shared by multiple members of your staff, and when reports come in, they should be investigated promptly. 

You can view an example of this at the top of this CISA page 


Tip #4: Prepare for a possible attack.  

While no one wants to believe that a cyberattack could occur in their organization, it is best practice to create a written response plan that outlines a sequence of steps to follow in the event of a security incident. Be sure to define what constitutes a cyberattack, identify responsible staff, clearly state the series of actions that should be taken, and explain a follow-up procedure.   

Having a document like this in your IT team’s back pocket will not only reduce stress but ensure decisive remedial action should a cyberattack occur.   

Choosing the Right Cybersecurity Partner 

 It may seem overwhelming to think about implementing all these systems at once, but the good news is, you don’t have to do it alone. Vendor partners who have expertise in the areas we’ve discussed can assist you in getting your state or local government up to speed on cybersecurity. 

 It’s important to recognize that while there are many software platforms, data management tools, and programs on the market, not all of them have robust security protocols and safeguards in place. As you evaluate your existing and prospective technology partners, be sure to select vendors who uphold security and data privacy at every level. 

 When it comes to data security, a proven track record is the best place to start. Kajeet operates with the highest degrees of network, software, and physical security. Our patented, award-winning Kajeet Sentinel® platform includes out-of-the-box security protocols, robust threat detection, and robust firewalls, preventing any outside access or interference. All Kajeet solutions operate on a secure, private network gateway – meaning that sensitive data never hits the public Internet. And, our AWS data centers operate on a hybrid public/private cloud and offer best-in-class equipment.  

While no system is foolproof, Kajeet’s security investments allow us to confidently offer our public sector partners the safest managed wireless connectivity solution on the market.   

Now is the time to explore your organization’s cybersecurity protocols and tighten up your data protection plan. To learn more about how Kajeet can help your government entity, contact us today:

 Talk to Us