Cyber Security Resources
The digital age has ushered in many opportunities for counties to improve the speed and efficiency of service delivery through the increased use of technology. Many benefits come with modernizing county administrative processes and operations, and counties will continue to adapt to ongoing technological developments. As this occurs, counties need to be aware and prepared for the inherent cyber risks that also come with the use of information technology systems.
There are many ways in which IT systems and data can become compromised, stolen or withheld for ransom. The costs to recover from a cyber-incident can be staggering, and the impact on public trust can be difficult to restore. Fortunately, there are resources available to help counties identify potential vulnerabilities and reduce their cyber risk.
eRiskHub ® Available to NCACC Liability & Property Risk Pool Members
NCACC Liability & Property Risk Pool members have exclusive access to an online portal, the eRiskHub ® powered by NetDiligence, a leading provider of cyber risk readiness and response services. The eRiskHub is a subscription based service that helps counties assess their level of cyber risk exposures, develop a response plan and minimize the effects of a breach. The portal includes a variety of tools and information to help your county reduce its risk exposure to cyber intrusions, including:
- Cybersecurity education and training videos and webinars;
- Self-auditing tools to assess cyber risk;
- Access to cyber news, threat intelligence information, data, research, and other tools to explore losses, fines and penalties related to cyber breaches;
- State by state legal requirements for breach notification;
- A cost calculator to estimate the financial impact of breach notification requirements;
- Contract guidance for third party Cloud services; and
- Company directory for additional, fee-based cyber services
The eRisk Hub also provides customizable templates and sample policies to guide your county in implementing cybersecurity risk reduction procedures to better manage:
- antivirus/malware exposure
- network security/access
- incident response
- personal device use
- phishing prevention
- physical security
- security awareness and training
- sensitive information
Incident Response for NCACC Risk Pool Members
NCACC Liability and Property Risk Pool members that suspect a data breach, privacy violation or other cyber event, are instructed to notify Sedgwick Claims as soon as possible by calling:
Myra Jones, Claims Director - 704.651.6812
If no answer or not immediately available then contact:
Virgil Hollingsworth, L&P Claims Examiner - 704.423.2077
- or -
Michael Kelly, Risk Management Director - NCACC Governmental Risk Pools - 919.719.1124
If appropriate, your Claims Representative will contact the Breach Coach®, a privacy attorney, on your behalf. The Breach Coach will help you determine:
- Is a computer forensics investigation needed?
- Are breach notifications required?
- What is the potential for regulatory fines or penalties?
- What is the potential for legal action?
- What are your next steps?
NCACC Partners with CIS® to Provide 100 Counties Free and Discounted Cybersecurity Tools and Services
NCACC partnered with CIS® (Center for Internet Security, Inc.®) to help counties implement best practices and address various cybersecurity needs. CIS operates the MS-ISAC ® (Multi-State Information Sharing & Analysis Center ®), which is designated by U.S. Department of Homeland Security to serve as the central cybersecurity resource for the nation’s state, local, tribal and territorial governments (SLTT).
All 100 counties can access a variety of free cyber resources including 24x7 support, real time monitoring and early threat detection, incident response support and intelligence advisories and alerts by registering with MS-ISAC. NCACC’s partnership with CIS also allows counties to access low-cost paid services such as enhanced monitoring using an intrusion detection system, phishing tests, penetration tests, and other consulting services. CIS also provides SLTT organizations an elections-focused cyber defense suite through the EI-ISAC® (Elections Infrastructure Information Sharing and Analysis Center®). Click here for a detailed description of all CIS offerings.
Among many other things, counties can access:
- free IP address and domain monitoring services and threat-based vulnerability assessments;
- CIS’ Security Operations Center, a 24/7 centralized triage point for threat and vulnerability detection, analysis, notifications, and assistance at no cost. Analysts monitor and alert MS-ISAC users of suspicious activity;
- Computer Emergency Response Team (CERT), which provides incident response, computer forensics, and malware analysis services at no cost;
- CIS-CAT, which helps ensure security compliance by comparing the current system settings of the county’s technology equipment to best practice settings – at no cost;
- CIS CyberMarket, a collaborative purchasing program, which serves SLTT government organizations, not-for-profit entities, and public health and education institutions to improve cybersecurity through cost-effective group procurement; and
- intelligence reports, alerts and webinars to increase cyber awareness and education at no cost.
CIS® (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats. The CIS Controls™ and CIS Benchmarks™ are the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks. These proven guidelines are continuously refined and verified by a volunteer, global community of experienced IT professionals. Our CIS Hardened Images are virtual machine emulations preconfigured to provide secure, on-demand, and scalable computing environments in the cloud. CIS is home to both the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC™), which supports the cybersecurity needs of U.S. State, Local and Territorial elections offices. To learn more, visit www.CISecurity.org