NuHarbor Security
  • Solutions
    Solutions
    Custom cybersecurity solutions that meet you where you are.
    • Overview
    • Our Approach
    • Data Icon Resources
    • Consultation Icon Consult with an expert
    • By Business Need
      • Identify Gaps in My Cybersecurity Plan
      • Detect and Respond to Threats in My Environment
      • Fulfill Compliance Assessments and Requirements
      • Verify Security With Expert-Led Testing
      • Manage Complex Cybersecurity Technologies
      • Security Monitoring With Splunk
    • By Industry
      • State & Local Government
      • Higher Education
      • Federal
      • Finance
      • Healthcare
      • Insurance
    Report 2023-2024 SLED Cybersecurity Priorities Report
    2023-2024 SLED Cybersecurity Priorities Report
    Read Report
  • Services
    Services
    Outcomes you want from a team of experts you can trust.
    • Overview
    • Data Icon Resources
    • Consultation Icon Consult with an expert
    • Security Testing
      • Penetration Testing
      • Application Penetration Testing
      • Vulnerability Scanning
      • Wireless Penetration Testing
      • Internal Penetration Testing
      • External Penetration Testing
    • Assessment & Compliance
      • CMMC Compliance
      • NIST 800-53
      • HIPAA Security Standards
      • ISO 27001
      • MARS-E Security Standards
      • New York Cybersecurity (23 NYCRR 500)
      • Payment Card Industry (PCI)
    • Advisory & Planning
      • Security Strategy
      • Incident Response Planning
      • Security Program Reviews
      • Security Risk Assessments
      • Virtual CISO
      • Policy Review
    • Managed Services
      • Curated Threat Intelligence
      • Managed Detection and Response (MDR)
      • Sentinel Managed Extended Detection and Response (MXDR)
      • SOC as a Service
      • Splunk Managed Services
      • Tenable Managed Services
      • Vendor Security Assessments
      • Vulnerability Management
      • Zscaler Support Services
    Report 2023-2024 SLED Cybersecurity Priorities Report
    2023-2024 SLED Cybersecurity Priorities Report
    Read Report
  • Partners
  • Resources
    Resources
    Explore reports, webinars, case studies, and more.
    • Browse Resources
    • Consultation Icon Consult with an expert
    • Blog icon Blog
    • Podcast icon Podcast
    • Annual SLED CPR icon Annual SLED CPR
    • Downloadable Assets icon Downloadable Assets
    Report 2023-2024 SLED Cybersecurity Priorities Report
    2023-2024 SLED Cybersecurity Priorities Report
    Read Report
  • Company
    Company
    We do cybersecurity differently – the right way.
    • Overview
    • Data Icon Resources
    • Consultation Icon Consult with an expert
    • Leadership
    • News
    • Careers
    • Contact
    Report 2023-2024 SLED Cybersecurity Priorities Report
    2023-2024 SLED Cybersecurity Priorities Report
    Read Report
  • Consult with an expert
  • Client support
  • Careers
  • Contact
1.800.917.5719
NuHarbor Security Blog
    • Compliance
    • Cybersecurity Technology
    • Security Operations
    • Industry Insights
    • Security Testing
    • Advisory and Planning
    • Application Security
    • Managed Detection and Response
    • Threat Intelligence
    • NuHarbor
    • Managed Services
    • Cyber Talent
July 17, 2017

Information security for your local city, town, or village

Justin Fimlaid Justin Fimlaid

As a Manager, Mayor, or Councilor of a city or town, you do your best. You manage employees and support their growth. You improve your services to better serve your residents. Maybe in the back of your head, you think occasionally about information security. Between tax records, police records, and employee records, your local government presides over a lot of information. By your state government’s standards, even your small town or city is considered a “data collector”.

As a data collector, what are your responsibilities and how do you manage them? Maybe you have a small IT department, or you have a relationship with a local IT service provider. Your immediate technology needs are being met, but are you protected from cybercrime? Information security is inherently tied into technology, but your staff or service providers are likely not experts in keeping your residents’, employees’, and users’ information secure.

Not too long ago, smaller cities and towns could fly under the radar. There weren’t enough “bad guys” to merit extensive measures. Now, everyone and anyone can be a hacker. The systems you need to operate day-to-day all pose threats in their own way. Websites provide valuable information, but can crash or become comprised through denial of service attacks. Cloud storage allow employees flexibility, but can open channels to confidential documents. WiFi keeps everyone connected, but can also connect insecure devices to your secure network.

Many Local Government Targets

In the Northeast, we have so many cities, towns, and villages. Some recently publicized events show that information security victims come in all shapes and sizes. Your local government, unfortunately, is not immune:

At the Police Department of the City of Middleton, New York, hackers gained access to the Middleton Police Department’s database and were able to export personal information including names, social security numbers, driver’s license numbers, dates of birth, fingerprints, and addresses of individuals who had contact with the Middleton Police Department.

The Township of Springfield, New Jersey also recently reported similar activity in their Police Department’s database.

The City of Stillwater, Oklahoma reported that “an unathorized party accessed a computer” for 22 days which contained the information of 3,000 people who were issued citations for ordinance violations.

The website for Harrison, New Jersey was hacked eight times in one month last year. While no privileged information was compromised in this instance, many city websites allow for online database access. If these systems are not configured properly within your website, they can allow unauthorized users to access your data.

The Police Department of Essex, Vermont, located right down the street from our headquarters, fell prey to a tax fraud scheme via email in 2016. This illustrates the most common cause of data breach: internal threats. In this case, an unknown person sent emails pretending to be an Essex Town Official and requested payroll records. Town staff provided the information and did not verify the sender’s identity. Internal errors like this are much less technical, but just as damaging as a hack.

Finally, in Israel,  cybersecurity researcher illustrated a takeover of Tel Aviv’s public WiFi. Do you offer WiFi in your city buildings? Public WiFi should be firewalled off from your internal password-protected WiFi.

Impact of Data Breach

Not only is a data breach a huge setback for local governments, the costs are greater. The relative significance of data breaches is larger for small entities. Recovery is also more public. Your neighbors, coworkers, and taxpayers trust you to keep to their information safe. Laws vary state to state, but in Vermont, you are required to report a breach within 14 days of discovery and notify affected individuals of a data breach within 45 days from discovery of the breach. Experts can help ensure information security so data breaches don’t occur. Often, fixes are not expensive or extensive. Take the initiative now to assess where your vulnerabilities lie.

Need Information Security?

Information Security is the practice of securing all information across your business. This includes the review of Information Security as it relates to Legal, Human Resources, Finance, IT and any place within your government that uses information in digital or paper form. At NuHarbor, we leverage common security frameworks to give you a road map to best practices so information is protected any place where it is processed, transmitted, or stored. Want to know more? Click here to read about Security Program Reviews.

Included Topics

  • Security Operations
Justin Fimlaid
Justin Fimlaid

Justin (he/him) is the founder and CEO of NuHarbor Security, where he continues to advance modern integrated cybersecurity services. He has over 20 years of cybersecurity experience, much of it earned while leading security efforts for multinational corporations, most recently serving as global CISO at Keurig Green Mountain Coffee. Justin serves multiple local organizations in the public interest, including his board membership at Champlain College.

Related Posts

1 min read
The cybersecurity landscape in Vermont Read More
1 min read
Third-Party Security in the Financial Services Industry [Infographic] Read More
1 min read
Vermont's cybersecurity landscape Read More

Subscribe via Email

Subscribe to our blog to get insights sent directly to your inbox.

Subscribe Here!

Latest Pwned episodes

Episode 200 - Reflections of Pwned...Until Next Time
April 03, 2024
Episode 200 - Reflections of Pwned...Until Next Time
Listen Now
Episode 199 - When a BlackCat Crosses Your Path...
March 21, 2024
Episode 199 - When a BlackCat Crosses Your Path...
Listen Now
Episode 198 - Heard it Through the Grapevine - Beyond the Beltway, 2024
March 08, 2024
Episode 198 - Heard it Through the Grapevine - Beyond the Beltway, 2024
Listen Now
NuHarbor Security logo
NuHarbor Security

553 Roosevelt Highway
Colchester, VT 05446

1.800.917.5719

  • Solutions
  • Services
  • Partners
  • Resources
  • Company
  • Contact
  • Privacy Policy
Connect
  • Twitter
  • Linkedin
  • YouTube
©2025 NuHarbor Security. All rights reserved.