Effective Cybersecurity Practices for State and Local Governments

“It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.”
— Stephane Nappo, International Cybersecurity Leader
It is unsurprising that, in 2025, cybersecurity continues to be a crucial and relevant issue for government organizations. Ten years ago, the public sector was facing more security incidents and data breaches than any other sector [1]. In recent years, that trend has continued; the public sector in 2024 saw more than 12,000 confirmed security incidents and breaches [2]. That’s more than 30 attacks every day across the course of a year.
With so much at stake, how can government agencies, particularly at the state and local level, protect sensitive information?
Anticipate Risk
If you are part of the public sector, your organization is a target for cyberattacks – it always will be. Anticipating risk means acknowledging that the sensitive information stored by your organization will always be vulnerable to an attack. If you understand the data attackers are after, however, you can determine how best to protect it. William Eggers, the Executive Director of Deloitte’s Center for Government Insights, describes this process as “locking the doors” [3]. Management must determine where the weakest points of their IT systems are and shore them up.
Locking the doors also entails ensuring basic safeguards are in place. Strong passwords and multi-factor authentication are simple yet effective steps to keep data secure. The most sensitive data stored by your organization should also be encrypted and anonymized. This limits the availability and the usefulness of that information if it is breached.
Respond to Threats
Ensure your organization is scanning for breaches regularly. This will allow your security systems to identify leaks quickly. If a leak is identified, your organization must determine how to contain it, assess the extent of any damage that may have been caused, and publicly address the incident to communicate responsibility and rebuild trust. Establish a communication plan in advance of a leak to ensure prompt and efficient communication during an incident.
Promote (and Maintain) Cybersecurity Skills
Protecting your organization from external threats is difficult enough. Don’t let internal carelessness allow attackers into your systems. It cannot be overstated how important it is that employees understand the value of strong, unique passwords and multi-factor authentication. Invest in annual cybersecurity training so that employees can recognize and report phishing attempts. Finally, make sure office software is updated regularly. Software updates include, among other things, security patches that help reduce the vulnerabilities attackers may take advantage of.
Remember, Cybersecurity is Ongoing
Maintaining the cybersecurity of your organization is not a one-and-done occurrence. It is a constant process that will continue to evolve as technology and threats do. Contact us to discuss the importance of securing your organization’s data and information.
Citations
1. "Government’s Cyber Challenge: Protecting Sensitive Data for the Public Good", deloitte.com, July 25, 2016.
2. "2024 Data Breach Investigations Report", verizon.com, May 1, 2024.
3. "Government’s Cyber Challenge: Protecting Sensitive Data for the Public Good", deloitte.com, July 25, 2016.