6 min read
Book a Free Consultation

New York Local Government Cybersecurity Management Plan 2023: Takeaways from NY IT Plan

By Harrison Kelly

New York local governments have a lot of reasons to prioritize cybersecurity. Given the state’s reputation as a global economic powerhouse and one of the largest, most notable regions in America, governments in the Empire State make for a prime target for ransomware attacks and other disastrous hacks.

Luckily, the state government is offering intuitive resources and requirements for bringing NY counties and municipalities into a cyber secure government digital transformation, especially considering recent advancements in government technology and software.

In this resource, you’ll get a rundown on the critical takeaways from the New York Local Government Management Guide for IT Government Management as well as other state resources pertaining to cybersecurity. From there, you’ll learn about the key technological advancements that can truly modernize your municipal IT systems.

Get a GovPilot Demo

Notable Advice from the NY Local Government IT Management Guide

After the pandemic shined a spotlight on the glaring flaws in government data storage and computer systems, the NY Office of the State Comptroller released its updated IT system and cybersecurity protocol in December 2021. Much of the information remains relevant today.

As explained in the document, “although no single practice or policy on its own can adequately safeguard your IT investments, there are a number of internal controls that, if appropriately implemented and monitored, collectively increase the odds that your systems and data will remain safe.”

Here is a breakdown of important government computer system initiatives for municipalities to prioritize, and ways government software can help:

Form an IT Strategic Plan By Asking Questions

When forging a local government IT plan, IT leaders need to ask important questions to make informed decisions. “An important way that governing boards fulfill their oversight responsibilities is by asking questions related to controls over IT systems and any key applications (e.g., financial, personnel and student information) within those systems… Asking the right questions is not only an effective way to exercise oversight, it can be done at little or no cost. On the other hand, not asking the right questions may potentially expose IT systems and data to loss or unauthorized access and use, which could be very expensive.”

Be sure to ask questions to city administrators, government employees, and the IT staff about the systems they’re utilizing and their general knowledge around cybersecurity best practices. Talking to both the IT experts and the novices within your government is a good way to get an accurate reflection of the current state in computer systems and processes in every government department

Here are more Government Strategic Plan Examples & Tips

Have an Local Government IT Policy in Place

“IT policies define the [IT and city leadership’s] expectations for appropriate user behavior, describe the tools and procedures used to help protect data and IT systems, assign key responsibilities and explain the consequences of policy violations.”

NY state requires local government IT policies to include:

  • Breach Notification Procedures

The New York State Technology Law, “requires municipalities and other local agencies to have a breach notification policy or local law. Such policy or local law must require that notification be given to certain individuals when there is a breach of the security of the system as it relates to private information. If you fail to adopt an information breach notification policy and private information is compromised, or is reasonably believed to be compromised, officials and employees may not understand or be prepared to fulfill their legal obligation to notify affected individuals”

New Jersey recently passed legislation setting high standards for cyber reporting in the state. Learn lessons from across the river in the NJ Law for Cyber Reporting guide. 

  • Online Banking

“Before a local government… begins processing financial transactions online, it should have a comprehensive policy that addresses online banking activities. The policy should identify what online banking activities are allowed; who is authorized to prepare, approve and process online transactions; who is responsible for recording online transactions; who is responsible for reviewing and reconciling transactions and how often such reviews and reconciliations should occur; and what procedures should be followed when responding to potential fraudulent activity.”

GovPilot offers digital government credit card processing integrations with many of the top payment processing partners. In addition to collecting municipal fees and fines and generating revenue for your locality, this approach keeps a documented record with government procurement software.

GovTip: In your accounting department recruiting, be sure to inquire with candidates about their experience digitally storing financial data and keeping critical accounting data secure. Emphasize the importance of cybersecurity in public sector accounting before onboarding new tech workers that will be dealing with both inbound and outbound online government procurement processes. Here are more tips for Public Sector Recruiting in the digital era.

  • Internet, Email, and Computer Use

“This policy should describe what constitutes appropriate and inappropriate use of IT resources, along with your expectations concerning personal use of IT equipment and user privacy (e.g., management reserves the right to examine email, personal file directories, web access history and other information stored on local government… computers, at any time and without notice). It should also describe the consequences for policy violations (e.g., an employee found to have violated the policy may be subject to disciplinary action, up to and including termination of employment).”

GovPilot’s government communications channel keeps all government-wide communication in one system, encouraging public worker accountability and keeping the passage of data under a cyber-secure data encrypted messaging system. 

Other key components the NY state government referenced but didn’t require include:

  • Password Security: require employees to have long and unique passwords.
  • Mobile Field Device Tracking: keep a record of phones and tablets being used and accessing government data from the field. 

Prioritize Cybersecurity Training

[Government] IT security training should explain the proper rules of behavior for using your IT systems and data, and communicate the policies and procedures that need to be followed. The content of training programs should be directed at the specific audience (e.g., user or system administrator) and include everything related to IT security that attendees need to know to perform their jobs. IT security awareness efforts should reinforce your IT policies and training and can focus attention on security in general or some narrow aspect of security (e.g., the dangers of opening an unknown email or attachment, or how to maintain laptop security while traveling). “

When training your staff on government cybersecurity best practices, educate them on:

  • Current hacking tactics and emerging IT challenges
  • Phishing scams and downloads with malware
  • Breach reporting procedures 
  • Importance of applying IT best practices like strong passwords and wireless security.

Hire Government Tech Workers to educate your staff on cybersecurity best practices and pay attention to the evolving IT landscape, and implement government IT software to your community.

Security Threats from Third-Party IT Partners

“Local governments… increasingly rely on third parties to provide a variety of IT-related services. For your protection and to avoid potential misunderstandings, there should be a written agreement between your local government… and the IT service provider that specifies the level of service to be provided by the vendor and clearly states your needs and expectations including those relating to the confidentiality and protection of personal, private and sensitive information…it is very important for local governments… to know who (any vendor or subcontractor) has access to its personal, private and sensitive information, and to convey the security expectations to those vendor(s) and subcontractor(s) through the written contract(s).”

GovPilot offers government vendor management software to keep cloud-based records of all private-sector partners which can be adjusted to include data on their level of security access.

IT Access Controls

“IT access controls prescribe who or what computer process may have access to a specific IT resource, such as a particular software program or database. For example, access controls can be implemented to limit who can view electronic files containing employee names and Social Security numbers. The first step in implementing adequate access controls is determining what level and type of protection is appropriate for various resources (e.g., data) and who needs access to these resources.”

GovPilot’s security protocol makes it easy to get access to important data to government workers across departments via its government management software. Access can be switched on or off for individuals / organizations as needed and a user’s security status will change instantly when their access is adjusted.

IT Contingency Plan

“Because no computer system can be expected to operate perfectly at all times, unplanned service disruptions are inevitable. A disruptive event could include a natural disaster such as a flood or fire, or something more localized such as a computer virus or ransomware infection.” 

“An unplanned IT disruption involving the corruption or loss of data or other computer resources from ransomware, hardware failure or human error, for example, could significantly curtail a local government’s… operations. Proactively anticipating and planning for such disruptions will prepare local government… personnel for the actions they must take in the event of a disruption and could significantly reduce the resulting impact.”

Here are more tips for forging a government continuity strategy as a part of your disaster preparedness plan.

Can Grants Pay for NY Government Cybersecurity Infrastructure?

Here are state and federal cybersecurity grants helping local governments modernize their IT systems:

How Government Technology Helps Keep Government Data Secure

The GovPilot government cloud offers software solutions for all government departments to save time and money while simultaneously keeping their data secure.

Consider how an unlimited government software plan can keep data safe and secure across your entire county or municipality:

  • Regular Data Backups

The government cloud keeps all of your public records stored securely over the Internet. With weekly data backups of your data stored in Microsoft Azure (GovPilot’s cloud partner), even if a municipal data breach occurs due to human error, you won’t have to fear losing your critical data permanently to a hacker. The same applies for natural disasters.

  • Data Encryption

All of your government communications will be encrypted, keeping your data private.

  • Commitment to Cybersecurity

Between third-party audits, awareness training for GovPilot staff members, and IT penetration testing, GovPilot is committed to continually bettering the software and keeping our government partners safe and secure.

Consider other states such as Florida's Local Government Cybersecurity Grants for inspiration on how to spend your funds in New York, 

Don’t wait to make your government digital transformation. Book a demo of GovPilot today!

NY Local Government IT Management FAQs

Why Do NY Local Governments Need to Prioritize Cybersecurity? 

Governments around the globe are being hacked regularly. And with local governments famously using antiquated computer systems that are easier to breach, they are seen as an easy target for hackers. Moving to the government cloud, regularly backing up data, and training employees of IT best practices is essential to keep public sector data safe.

How Does Public Record Technology Keep Government Data Secure?

Every department stores paperwork. From digital construction permit applications to pet licenses and beyond, any department can have data automatically uploaded and securely stored in the cloud. Data encryption and regular data backups will keep your entire local government’s data safe.  

Read on for more of the latest government trends:

Tags: Cybersecurity, Digital Transformation, GovTech, Disaster Recovery