‘Cyber hygiene’ an ongoing concern for Maui County

CHAIR’S 3 MINUTES

The County Council’s Policy and Intergovernmental Affairs Committee will discuss cybersecurity for the County of Maui on Nov. 14 at 9 a.m.

The National Association of Counties has been working with experts at the Department of Homeland Security and in the private sector to ensure county governments are using best practices to protect their computer networks and electronic data. Steven Hurst, director of security architecture and strategy at AT&T, had an insightful post on the NACo blog last month, titled “Cyber hygiene for counties (and others).”

He wrote that counties must understand their greatest cyber vulnerabilities and then work to minimize the risks. His advice is astute, yet simple.

Hurst identified “the most unpredictable vulnerability” for counties as “the people who use the network or use services hosted on the network.” He believes staff training is key to protection:

“Cyber hygiene can be enhanced by conducting regular and reoccurring training on how to safely use the internet and other network attached systems. This training needs to include a focus on the highest risk behaviors: clicking on links, password best practices and understanding that not all communication is private (talking in public, messaging, email, web surfing, locking your system, signing off applications, etc.).”

Hurst noted it’s also important to maintain a current list of computer equipment and data-storage locations. He wrote:

“Having the accurate inventory will help you to reduce risks, and hence, stay cleaner, by keeping patches on your hardware and systems up to date, and harder to exploit. Knowing what and where your information is can also help maintain and assess a control framework.”

Regularly archiving data is another simple but critical way to protect electronic assets, according to Hurst. “This means backing up your data, including configuration information, daily, storing it for six months to a year, and testing the restoration of that data on a regular basis,” he wrote.

Finally, Hurst wrote that it’s important to ensure the integrity of “endpoints” — the servers, personal computers, smartphones and tablets that provide direct access to systems and data. Consistent with common sense, Hurst advised that these devices’ firewalls and anti-virus software be strong and current.

The committee has discussed cybersecurity at three other meetings this term, most recently on March 14, and I’m impressed with the diligent work the county’s Information Technology Services Division has been conducting in this field. The upcoming meeting will provide an opportunity to get an update from ITSD and others on any recent developments.

With reports about computer hacks at all levels of government in every news cycle, it’s obvious that diligence and vigilance are required. I’m confident in the security of Maui County’s electronic assets, and this meeting is just part of the ongoing hygienic process.

Aloha and mahalo!

* Mike Victorino is president of the Hawaii State Association of Counties, presiding officer pro tempore of the Maui County Council, and chairman of the council’s Policy and Intergovernmental Affairs Committee. He holds the council seat for the Wailuku-Waihee-Waikapu residency area. “Chair’s 3 Minutes” is a weekly column to explain the latest news on county legislative matters. Go to mauicounty.us for more information.

COMMENTS