The digital age has ushered in many opportunities for counties to improve service delivery speed and efficiency through the increased use of technology. Many benefits come with modernizing county administrative processes and operations, and counties will continue to adapt to ongoing technological developments. As this occurs, counties need to be aware and prepared for the inherent cyber risks that also come with information technology systems.
There are many ways in which I.T. systems and data can become compromised, stolen, or withheld for ransom. The costs to recover from a cyber-incident can be staggering, and the impact on public trust can be challenging to restore. Fortunately, there are resources available to help counties identify potential vulnerabilities and reduce their cyber risk.
eRiskHub® Available to NCACC Liability & Property Risk Pool Members
NCACC Liability & Property Risk Pool members have exclusive access to an online portal, the eRiskHub ® powered by NetDiligence, a leading cyber risk readiness and response service provider. The eRiskHub is a subscription-based service that helps counties assess their level of cyber risk exposures, develop a response plan, and minimize the effects of a breach. The portal includes a variety of tools and information to help your county reduce its risk exposure to cyber intrusions, including:
- Cybersecurity education and training videos and webinars
- Self-auditing tools to assess cyber risk
- Access to cyber news, threat intelligence information, data, research, and other tools to explore losses, fines, and penalties related to cyber breaches
- State-by-state legal requirements for breach notification
- A cost calculator to estimate the financial impact of breach notification requirements
- Contract guidance for third party Cloud services
- Company directory for additional, fee-based cyber services
The eRisk Hub also provides customizable templates and sample policies to guide your county in implementing cybersecurity risk reduction procedures to manage better:
- Antivirus/malware exposure
- Network security/access
- Incident response
- Personal device use
- Phishing prevention
- Physical security
- Security awareness and training
- Sensitive information
NCACC Partners with CIS® to Provide 100 Counties Free and Discounted Cybersecurity Tools and Services
NCACC partnered with CIS® (Center for Internet Security, Inc.®) to help counties implement best practices and address various cybersecurity needs. CIS operates the MS-ISAC ® (Multi-State Information Sharing & Analysis Center ®), designated by the U.S. Department of Homeland Security to serve as the nation’s central cybersecurity resource’s state, local, tribal and territorial governments (SLTT).
All 100 counties can access various free cyber resources, including 24×7 support, real-time monitoring, early threat detection, incident response support, intelligence advisories, and alerts by registering with MS-ISAC. NCACC’s partnership with CIS also allows counties to access low-cost paid services such as enhanced monitoring using an intrusion detection system, phishing tests, penetration tests, and other consulting services. CIS also provides SLTT organizations with an election-focused cyber defense suite through the EI-ISAC® (Elections Infrastructure Information Sharing and Analysis Center®). Click here for a detailed description of all CIS offerings.
Among many other things, counties can access:
Free I.P. address and domain monitoring services and threat-based vulnerability assessments
CIS’ Security Operations Center, a 24/7 centralized triage point for threat and vulnerability detection, analysis, notifications, and assistance at no cost. Analysts monitor and alert MS-ISAC users of suspicious activity
Computer Emergency Response Team (CERT), which provides incident response, computer forensics, and malware analysis services at no cost
CIS-CAT, which helps ensure security compliance by comparing the current system settings of the county’s technology equipment to best practice settings – at no cost
CIS CyberMarket, a collaborative purchasing program that serves SLTT government organizations, not-for-profit entities, and public health and education institutions to improve cybersecurity through cost-effective group procurement; and intelligence reports and alerts, and webinars to increase cyber awareness and education at no cost.
To access free services offered through the MS-ISAC, counties must complete an online registration form available here or contact: [email protected]
CIS® (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global I.T. community to safeguard private and public organizations against cyber threats. The CIS Controls™ and CIS Benchmarks™ are the global standard and recognized best practices for securing I.T. systems and data against the most pervasive attacks. These proven guidelines are continuously refined and verified by a volunteer, global community of experienced I.T. professionals. Our CIS Hardened Images are virtual machine emulations preconfigured to provide secure, on-demand, and scalable computing environments in the cloud. CIS is home to both the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC™), which supports the cybersecurity needs of U.S. State, Local and Territorial elections offices. To learn more, visit www.CISecurity.org.
Get information on fee-based services from CIS
Incident Response for NCACC Risk Pool Members
NCACC Liability and Property Risk Pool members that suspect a data breach, privacy violation, or other cyber event are instructed to notify Sedgwick Claims as soon as possible by calling the main line at (800) 822-4469. If no answer or not immediately available, then contact:
Tanya Silverthorne, Claims Director – (704) 423-6239, [email protected]
Virgil Hollingsworth, L&P Claims Examiner – (704) 423-2077, [email protected]
Charlie Eaton, County Risk Group Director – NCACC Governmental Risk Pools – (919) 719-1130, [email protected]
If appropriate, your Claims Representative will contact the Breach Coach®, a privacy attorney, on your behalf. The Breach Coach will help you determine:
- Is a computer forensics investigation needed?
- Are breach notifications required?
- What is the potential for regulatory fines or penalties?
- What is the potential for legal action?
- What are your next steps?