Helping Michigan Municipalities Address Cybersecurity Risk

December 15, 2021

Michigan Local Governments – Cyber Targets

Local governments throughout Michigan have been targets of ransomware, phishing, malware, and data breaches. Thus far, the attacks have been contained and not shut down any vital systems or made national headlines; however, the attackers become more sophisticated in their methods every day. You don’t want to be the first Michigan municipality to make national news due to a cybersecurity attack.

An Easy Way to Increase your Cybersecurity Posture

An easy way to improve your cybersecurity is by taking advantage of the State of Michigan pre-qualified program providing an independent assessment for local public entities. This assessment (jointly completed by an independent assessor and local entity staff) quickly identifies your most critical vulnerabilities and recommends steps to address them. The program includes:

• Detailed findings report from the initial assessment
• Monthly one-hour coaching session to ensure you are on the right path in addressing the vulnerabilities and discuss any new issues
• Annual cybersecurity prioritized improvement plan including a timeline
• Basic cyber incident response plan
• End of the year assessment to report on progress
• Final evaluation comparing the improvement plan goals and recommendations to the current security posture

An Incident Response Plan to Address the Unexpected

As mentioned above, the program also includes an incident response plan. A plan ensures that in the event of a security breach, the right people are in place at the right time with the right procedures to deal with the threat effectively. Let’s face it, having a cyber-attack is daunting for the most experienced team; thus, it is critical that under the pressure of an incident, correct decisions are made to bring the situation under control. If the response is not orchestrated or information is “leaked” to outside sources, the outcome could be disastrous.

Typically, the high-level incident response plan contains:

• Categorization

  How an incident is defined, categorized, and declared

• Participants

  Who participates in cyber incidents?

• Roles and Responsibilities

  The roles and responsibilities of each of the participants. Identify a spokesperson and escalation path(s)

• Decisions

  The types of decisions the participants are required to make

A plan ensures that a structured investigation can provide a targeted response to contain and remediate the threat. It also provides a basis for improvement after the attack to apply lessons learned.

Links to access the program

You can take advantage of this contract to improve your security posture through these two easy steps:

1. Learn more about the Independent Cybersecurity Assessments for Local Public Entities in Michigan
2. View the pre-qualified vendor list.

How Dewpoint Can Help You

Dewpoint is uniquely qualified to assist municipalities with cybersecurity assessments and follow-up due to our experience with local governments. In 2005, we established a separate service offering focusing on the public sector to address the unique client needs. In addition, as a full-service IT company, we have certified experts in security, network, infrastructure, and applications to take a holistic view of your environment. Contact us today to get a quote to take advantage of the prequalified program.