Cyber Attack Resiliency

A Cyber Incident Response Plan (CIRP) ensures your local government can effectively plan for, respond to and recover from cyber attacks. A CIRP should include:

• Instructions on how to respond to common cyber incidents, such as phishing attempts;
• An overview of the resources, tools and safeguards your organization has in place;
• A summary of the roles and responsibilities of your response team, along with contact information for each team member;
• Incident reporting requirements and an incident report log; and
• Relevant elements of your entity’s business continuity plan.

All employees play a role in managing cyber risk. Cyber security should be a part of your organizational structure, and communication of each team member’s responsibility is key. Staff members are more likely to follow policies if they understand how they fit into the big picture. Even a simple 5 - 10 minute training at a staff meeting to review policies on internet and email use, along with use and disclosure of confidential information, can make a difference.

Security Awareness Training

Each employee should be able to spot a fraudulent link in a phishing email. Security awareness training from services such as KnowBe4 or other providers can be a great way to provide employee training. Keep in mind that too many rules or complex policies and procedures for employees can lead to indifference. Starting with social engineering or password strength and management can be a great way to begin.

Identifying Sensitive Data

Never assume that something you think is common sense is all that common. It can be difficult for employees to determine what constitutes personally identifiable information (PII), so make sure you have clearly communicated to your employees what information is confidential and should be safeguarded, along with the potential consequences of a breach and their obligation to report any breaches.

Next Steps to Consider

As you establish your Cyber Incident Response Plan and continue security awareness training, also consider security measures such as multifactor authentication, server solutions, end point solutions and penetration testing. Your organization should be engaging an IT professional to assist you. It is not a question of if you will be targeted by cyber criminals, but when.

Log in to the PE Partners Member Portal to review the Sensitive Information and Computer Network Safety Loss Control Guideline. This detailed guideline provides a self-assessment tool that can help you get started. If you have additional questions, please reach out to our loss control team.

East Tennessee

Bill Magoon

BMagoon@PEpartners.org

Middle Tennessee

Jim Bell Hatchell

JHatchell@PEpartners.org

West Tennessee

Andy Lacewell

ALacewell@PEpartners.org