Security for citizens starts with your organisation
We talk a lot about security here at Granicus, whether it’s our FedRAMP compliance or our processes for staying ISO 27001-compliant… but so what? Why put so much time, effort and money into security even at the local government level?
- The threat to government organisations of all sizes is higher than for the private sector.
- There are higher standards for government organisations of all sizes than for the private sector.
You may assume that central and federal government is most in need of top cybersecurity protection, but local governments are the caretakers of more citizen information and actually face more immediate infrastructure threats. Counties and cities are entrusted with a huge amount of personal information about citizens — addresses, contact information, sensitive benefits information, mother’s maiden name, property information, etc. — things a hacker would love to intercept. And recent studies show state and local governments are not feeling confident in their cyber security systems and skillsets.
Most public infrastructure systems are locally run (e.g. water treatment facilities, police dispatch centres, city hall systems), and cyber threats to these systems can disrupt daily life for everyday citizens. There is evidence that hackers are regularly trying to access local government systems to disrupt them and create chaos. Virginia Governor McAuliffe reported in February that the state and local government organisations faced 86 million separate hacking attempts in 2016. The state of Utah reports that up to 300 million attempts a day are made on government systems throughout the state, up from only 25 to 80 thousand just a few years ago.
In the UK, the National Audit Office reported that the 17 largest departments recorded 8,995 data breaches in 2014/15, but that only 14 were reported. Bob Ainsbury, our Chief Product Officer, spoke at Granicus’ Annual Public Sector Communications Conference in London last month on the importance of a robust security strategy for every government organisation. [Watch Bob on catch-up here.]
To combat these attacks, each and every function in your organisation must be committed to protecting its systems, both physically and online. Each vendor must meet the security standards of excellence required for the 21st century. Some civic tech providers cannot, so it’s important you’re careful with your choices.
We are committed to providing you with the most secure solution in civic tech, whether you’re looking for digital communications tools or legislative management tools.
How do we do that?
One of the biggest weak spots for any security system is the people involved. Careless human errors can ruin even the best technology, so we’re committed to continually updating annual security training for every Granicus employee, and we conduct frequent security audits of our workplaces to ensure security procedures become part of the everyday routine. Whether it’s a software engineer or an account executive in the field, security is engrained in the day-to-day. Additionally, security threats aren’t just evaluated by our dedicated security team, but also by a team of our top executives, including CEO Mark Hynes, during regular incident audits.
Second, our systems’ protection is world-class. Our infrastructure is scanned for vulnerabilities on a monthly basis, and a growing suite of products across our communications and legislative solutions is scanned during this process.
Granicus also has primary and secondary backup routines in a system with maximum durability, which re-emphasises our commitment to secure data storage and security.
In the last few weeks, Granicus successfully migrated many of our legislative solutions to the same data centres as our FedRAMP-compliant communications solutions. These data centres not only feature extremely high cyber security measures such as encryption at rest of all data and weekly automated scanning at the application and network level, but enhanced physical security too.
The data centre uses five concentric rings of security, from fences and a staffed perimeter to a multi-level entry process that thoroughly validates the permissions and identification of anyone entering or exiting the area. The Granicus data centres offer modern-day Fort Knox-level security, because the data you’re entrusted with and the availability of your systems are that important.
The CIA Triad of Security
There are three reasons why we continue to improve the security of the cloud applications we provide to government organisations: Confidentiality, Integrity, and Availability. This is known as the Central Intelligence Agency (CIA) triad of security.
Confidentiality: As a local government you have a wealth of confidential information from citizens that you’ve been entrusted to protect from outside threats. As an example, cities that use our Legistar solution, including the majority of the 50 most populous cities in the United States, now benefit from being better protected against hacks to their city via their agenda management software. Any weak application can be a window for hackers to get into city systems, and Granicus is committed to ensuring the clerk and council are never putting the city at risk.
Integrity: The information you put into any application, whether it’s an email message going out to citizens or the documents of an agenda packet, needs to be accurate and protected. Hackers may aim to intercept and change this information, sending out their own messages instead or altering the language of a bill to be considered. A system like ours at Granicus, which encrypts information and keeps it safe at US-based proprietary data centres, retains the integrity of the information you create and exchange.
Availability: Government work doesn’t stop, and the solutions you use and information you possess and create must be available at all times. Our security commitment ensures that the right people have access to the right systems whenever they need them, never exposing your staff or citizens to being locked out of the information they need. In times of crisis or emergency, ensuring that citizens are able to access your website or your communications may be critical, and we take that responsibility very seriously.
We know security is at the very top of your list as you’re looking for new solutions that fit your organisation’s needs now and into the future. We invest in updates like these to keep us at the forefront of civic tech solutions, and to protect what you’ve been entrusted with by your citizens.