The last thing local government officials want to deal with is a massive data breach at the hands of an experienced hacker.
Spring Garden Township in December is hosting a one-hour cybersecurity training for its staff, police department and commissioners to prevent such an incident from happening. The Tri-Hill Road office will be closed from 8:30 a.m. to 10:30 a.m. on Tuesday, Dec. 11, while the training takes place.
York-based Stambaugh-Ness, a professional services firm, will conduct the training, board of commissioners president Tom Warman confirmed.
“In my opinion, cybersecurity is critical to maintaining public trust in today’s world, and we want to make sure that Spring Garden Township is doing everything it can to keep that trust,” Warman said.
Stambaugh-Ness works for the township already, Director of Technology Solutions Phil Keeney explained. Spring Garden will pay $400 for cybersecurity training.
Four other York County municipalities have undergone Stambaugh-Ness’ training, Keeney added. His firm deploys measures to protect Social Security numbers, for example, using multifactor authentication steps and ensuring data is encrypted.
Hacks often begin with a simple email request for sensitive information, he continued.
“When in doubt, if you are questioning an email, don’t open it and send it to a technical support team,” Keeney said.
Municipalities should “be very aware that they need to secure their information,” he noted.
“It’s not just their information, it’s their customers’ information,” Keeney said.
There is a global shortage of cybersecurity professionals, said Tamara Schwartz, York College assistant professor of business administration and cybersecurity.
“Local government sites are very porous due to lack of investment and expertise,” Schwartz continued. “This lack of expertise is an outcome of a significant shortage of people equipped to address these challenges. This global shortage of cybersecurity professionals is expected to reach nearly 2 million by next year — 2019.”
Confidence: A survey of 777 respondents published in October 2017 by state Auditor General Eugene DePasquale’s office shows that people aren’t confident that municipalities have enough cybersecurity power to protect them.
When asked how concerned they are about their private information being secure, 25 percent said they are very concerned, 41 percent said they are somewhat concerned, 23 percent said they are a little concerned, and 11 percent said they are not concerned at all.
“Unfortunately, once residents have entrusted their data to local governments, information such as titles, identification cards, tax record, etc., they have given up control,” Schwartz said. “However, everyone, both residents and employees alike, can work on good cyber hygiene by raising their awareness and recognizing that cyberspace is not a brightly lit street, but rather a dark alley full of dumpsters and shadowy doorways, and acting accordingly.”
Use caution when sharing personal information on social media; regularly change passwords; think before clicking on links or attachments in emails; and verify requests for personal information are coming from legitimate sources to improve data security, she said.
“Having had similar training in my job working for local government, I do believe that this training is extremely important,” township commissioner Dan Rooney said. “I believe all local governments should be proactive in this area to ensure that we are protecting both our residents’ and townships’ confidential data.”
Township Manager Marcy Krum-Tinsley said the training will cover:
- Threats overview
- Password and policies
- Web and social media protection
- Email protection
- Personal use of digital media
- Preventative measures
“It is not a requirement, but it is something that is critical with how vulnerable we (residents, businesses) are in this day and age,” Krum-Tinsley said.