Cyber Security Best Practices for NIRMA Members: Key Recommendations

By Chad Engle, Loss Prevention and Safety Manager

County governments face unique cyber security challenges due to their responsibility for sensitive data and often limited resources. Based on insights provided by Matthew Mead a cyber security expert with Eckert Seamans Cherin & Mellott, LLC, here are actionable steps to strengthen your county or agency’s security posture:

1. Address Resource Limitations

• • Prioritize Endpoint Detection and Response (EDR): Implement an EDR solution to monitor systems and detect threats in real time.
  • Ensure Active Monitoring: Assign personnel or leverage managed services to respond quickly to alerts.

2. Combat Phishing Attacks

• • Regular, Interactive Training: Move beyond classroom sessions to real-time, desk-based tutorials. Implement simulated phishing attacks and provide immediate feedback when an employee clicks a phishing link.
  • Promote Reporting Culture: Encourage employees to report suspicious emails to IT, as attackers often target multiple individuals.

3. Strengthen Incident Response

• • Familiarize Yourself with NIRMA’s Cyber Security Toolkit and the eRisk Hub: Both resources are accessible via the Interact portal on NIRMA’s website.
  • Develop and Test a Practical Plan: Avoid overly complex documents. Create a concise, actionable playbook and rehearse it regularly.
  • Include Cross-Functional Teams: Involve IT, communications, HR, physical security, legal counsel, and forensic partners in exercises.
  • Maintain Updated Contact Lists: Ensure backups for key team members and store lists offline for emergencies.

4. Secure Operational Technology (OT)

• • Collaborate Across IT and OT: Define and monitor who can interact with systems like HVAC, access control systems and security cameras.

5. Respond Quickly to External Alerts

• • Act Immediately on Notifications: When agencies or partners warn of a cyber incident, respond without delay to minimize impact.

6. Notify NIRMA and Engage Law Enforcement Early

• • Notify NIRMA Immediately Upon Identifying a Suspected Data Breach or Cyber Security Incident: Do not hesitate, do not wait.  Also contact your IT professionals, they should be made aware of any communications with a breach coach to ensure the forensic investigation is completed.
  • File an IC3 Complaint Immediately: If you suspect or fall victim to a cyber crime, report it to the FBI using the Internet Crime Complaint Center (IC3) as soon as possible.  If you have a breach coach involved in an incident, they will help guide you on proper reporting.
  • Contact U.S. Secret Service for Fund Recovery: If a business email compromise results in funds being wired to the wrong party, promptly reach out to the U.S. Secret Service to increase the chance of recovering funds.  Again, if a breach coach is involved, they will assist with these notifications.

Conclusion:

Cybersecurity for county governments requires balancing transparency, resource constraints, and evolving threats. By prioritizing EDR, fostering awareness, practicing incident response, and securing OT systems, counties can significantly reduce risk and build resilience.

When you joined NIRMA, you became part of an organization dedicated to managing risk. Along with your fellow NIRMA pool members, your constituents and Nebraska law expect you to actively address the risks associated with today’s online business environment. If you have any questions or need guidance on how to do so, please don’t hesitate to contact NIRMA.

As always, I can be reached at chad@nirma.info or 1.800.642.6671.