The question is not if a local government will suffer a cyber attack, but when it happens.
Victims of cybersecurity attacks are no longer limited to businesses traditionally considered easy targets, such as large financial institutions and other critical gatekeepers of sensitive information. All municipalities, regardless of size, must now prepare for cybersecurity incidents.
Municipalities are subject to the Freedom of Information and Privacy Protection Act (Manitoba) (“FIPPA”), which includes specific obligations regarding the protection of personal information that municipalities collect and the notification of individuals in the event of a security breach. As of January 1, 2022, failure to comply with FIPPA's breach notification requirements can result in fines of up to $50,000.
Is your city prepared to respond in an organized and timely manner if you discover that your information systems have been compromised, sensitive data and personal information have been accessed, and the systems are no longer functioning properly? Do you have a formal plan to restore system functionality, identify the information that was accessed, engage with appropriate regulatory authorities, and contact and respond to those whose personal information may have been accessed?
The first few hours after discovering a security breach are critical, and so is timely assessment of and response to the incident. Having the right policies and plans in place is a key element not only in quickly restoring system functionality, but also in ensuring that municipalities comply in a timely manner with legal requirements regarding data protection and cybersecurity breaches, which can help reduce potential legal liability. Having a regularly tested incident response plan in place means you can take the necessary steps and save time in the event of a security breach.
All local governments must have policies and procedures in place to deal with cybersecurity incidents. As this is a constantly evolving field, these policies and procedures should be regularly reviewed and tested to ensure they remain effective and comply with legal obligations. If your city doesn't have these policies and procedures, or they haven't been recently reviewed, the questions below set out some important considerations to help ensure your city meets its legal obligations.
- Has your city identified its data protection and cybersecurity compliance obligations?
- Is your city aware of the relevant privacy laws governing it (such as FIPPA)?
- Is your municipality applying both technical (firewalls, anti-malware, intrusion detection systems, etc.) and physical (locked doors, access cards, security cameras, etc.) security safeguards, as required by the sensitivity of the data it holds?
- Does your city know what data it has, where it is stored, how it is protected, and who has access to it?
- Does your city have appropriate policies, procedures and processes in place to address privacy, data protection and cybersecurity risks and compliance obligations?
- Have your employees received the appropriate degree of awareness, knowledge, skills and training to effectively handle the sensitivity of the data held and address applicable privacy, data protection and cybersecurity risks?
- Does your city assess and manage the privacy, data protection, and cybersecurity risks arising from the use of third-party contractors and service providers?
- Does your contract require the service provider to help you comply with your regulatory obligations if the service provider experiences a security breach that affects personal information for which the municipality is responsible?
- Does your city have a formal incident response plan for dealing with breaches of security protections that is regularly tested and updated?
The content of this article is intended to provide a general guide on the subject. You should seek professional advice regarding your particular situation.