Disaster Recovery Planning for Municipal Governments

Disaster can strike when you least expect it. Natural and cyber catastrophes, such as flooding, tornadoes, hurricanes, and malware infections, can decimate government systems, halting service delivery and putting valuable data at risk for corruption or loss.

Preparation for disaster is just as important as the recovery process. Municipal governments must ensure effective disaster recovery plans are in place to restore the functionality of critical systems.

  • Prioritized systems and processes for recovery
  • A comprehensive inventory of hardware and software
  • Defined tolerance for downtime and data loss
  • Identified backup personnel
  • A streamlined communication plan

Local governments, in particular, must have citizen information available at all times, which makes effective data backups invaluable. This includes backup copies of email data, which can be compromised in the event of a cyber attack or hard drive failure. Some experts recommend following a 3-2-1 backup rule, which dictates that organizations maintain three copies of data, two of which are backed up to different media (e.g., cloud, disk, or tape), and one of which is housed off site. Having multiple backups makes data recovery seamless and reliable.

In essence, well-constructed DRPs allow municipalities to have a sense of security, knowing that a formalized strategy is in place to abate the risk of service delays, streamline communication and decision-making, and minimize stress when disaster strikes.

Healthcare and Cybersecurity

Telemedicine, mobile applications, EHR’s and numerous other technologies are critical to the healthcare industry. While IoT has allowed healthcare to reach patients in new ways, connectivity to the internet has increased in devastating cyber attacks.

To help monitor cybersecurity risks, the Department of Health and Humans Services (HHS) has released the publication Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients, a game changer that the industry has been awaiting for nearly two years.

The document looks into the current challenges and identifies healthcare-specific vulnerabilities, and details best practices for defending against advanced threats, such as ransomware, loss or theft of equipment or data, and internal malicious activity. Armed with this information, healthcare providers of all sizes are able to improve their approaches to cybersecurity with tried and true strategies encompassing the following areas:

  • E-mail protection systems
  • Endpoint protection systems
  • Access management
  • Data protection and loss prevention
  • Asset management
  • Network management
  • Vulnerability management
  • Incident response
  • Medical device security
  • Cybersecurity policies

Cybersecurity has become an essential part of healthcare in the modern age, when IT assets means protecting not only data, but also the physical well being of patients.