The digital age has ushered in many opportunities for counties to improve service delivery speed and efficiency through the increased use of technology. Many benefits come with modernizing county administrative processes and operations, and counties will continue to adapt to ongoing technological developments. As this occurs, counties need to be aware and prepared for the inherent cyber risks that also come with information technology systems.
There are many ways in which I.T. systems and data can become compromised, stolen, or withheld for ransom. The costs to recover from a cyber-incident can be staggering, and the impact on public trust can be challenging to restore. Fortunately, there are resources available to help counties identify potential vulnerabilities and reduce their cyber risk.
eRiskHub® Available to NCACC Liability & Property Risk Pool Members
NCACC Liability & Property Risk Pool members have exclusive access to an online portal, the eRiskHub ® powered by NetDiligence, a leading cyber risk readiness and response service provider. The eRiskHub is a subscription-based service that helps counties assess their level of cyber risk exposures, develop a response plan, and minimize the effects of a breach. The portal includes a variety of tools and information to help your county reduce its risk exposure to cyber intrusions, including:
- Cybersecurity education and training videos and webinars
- Self-auditing tools to assess cyber risk
- Access to cyber news, threat intelligence information, data, research, and other tools to explore losses, fines, and penalties related to cyber breaches
- State-by-state legal requirements for breach notification
- A cost calculator to estimate the financial impact of breach notification requirements
- Contract guidance for third party Cloud services
- Company directory for additional, fee-based cyber services
The eRisk Hub also provides customizable templates and sample policies to guide your county in implementing cybersecurity risk reduction procedures to manage better:
- Antivirus/malware exposure
- Network security/access
- Incident response
- Personal device use
- Phishing prevention
- Physical security
- Security awareness and training
- Sensitive information
NCACC Partners with CIS® to Provide 100 Counties Free and Discounted Cybersecurity Tools and Services
Among many other things, counties can access:
Free I.P. address and domain monitoring services and threat-based vulnerability assessments
CIS’ Security Operations Center, a 24/7 centralized triage point for threat and vulnerability detection, analysis, notifications, and assistance at no cost. Analysts monitor and alert MS-ISAC users of suspicious activity
Computer Emergency Response Team (CERT), which provides incident response, computer forensics, and malware analysis services at no cost
CIS-CAT, which helps ensure security compliance by comparing the current system settings of the county’s technology equipment to best practice settings – at no cost
CIS CyberMarket, a collaborative purchasing program that serves SLTT government organizations, not-for-profit entities, and public health and education institutions to improve cybersecurity through cost-effective group procurement; and intelligence reports and alerts, and webinars to increase cyber awareness and education at no cost.
CIS® (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global I.T. community to safeguard private and public organizations against cyber threats. The CIS Controls™ and CIS Benchmarks™ are the global standard and recognized best practices for securing I.T. systems and data against the most pervasive attacks. These proven guidelines are continuously refined and verified by a volunteer, global community of experienced I.T. professionals. Our CIS Hardened Images are virtual machine emulations preconfigured to provide secure, on-demand, and scalable computing environments in the cloud. CIS is home to both the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC™), which supports the cybersecurity needs of U.S. State, Local and Territorial elections offices. To learn more, visit www.CISecurity.org.
Get information on fee-based services from CIS
Incident Response for NCACC Risk Pool Members
NCACC Liability and Property Risk Pool members that suspect a data breach, privacy violation, or other cyber event are instructed to notify Sedgwick Claims as soon as possible by calling:
Myra Jones, Claims Director – (704) 651-6812
If no answer or not immediately available, then contact:
Virgil Hollingsworth, L&P Claims Examiner – (704) 423-2077
– or –
Michael Kelly, Risk Management Director – NCACC Governmental Risk Pools – (919) 719-1124
If appropriate, your Claims Representative will contact the Breach Coach®, a privacy attorney, on your behalf. The Breach Coach will help you determine:
- Is a computer forensics investigation needed?
- Are breach notifications required?
- What is the potential for regulatory fines or penalties?
- What is the potential for legal action?
- What are your next steps?