Revenue Compliance
Tax & Licensing
Short-Term Rentals
Compliance Auditing
Unclaimed Property
Justice
Court
Jury
Probation
Public Administration
Land Records
Vitals Records
Search
Pension
Payments
Neumo Payments
Revenue Management
DMV
Kiosk
Testing & Certification
Fulfillment
Platform
Reporting & Analytics
Application Designer
Digital Processing
ID Verification
eSignatures
Alerts
All Products
Built For Customers
Resource Directory
Articles
Case Studies
eBooks
Webinars
Demos
News
Press Releases
Events
About Us
Careers
Contact Us
Book a Demo
Support
Digital Accessibility
Articles

09.17.25

By: Carol Matthieu

5 Cybersecurity Best Practices for Local Governments With Remote Teams

As local governments adapt to hybrid and remote work, protecting sensitive data is more critical than ever. Explore five cybersecurity best practices to help safeguard systems.

Employee Logging in via VPN on Phone

As virtual work has become more common in recent years, entire industries across private and public sectors have been vexed by a troubling question: how can they mitigate cybersecurity risk with so much of the workforce dialing in from home?

For government agencies looking to shore up their cybersecurity for remote work, these five steps will help to reduce risk and keep their employees, devices, and systems safer:

1. Build a Remote Work Policy

To harden their virtual tools and applications, governments should prioritize building remote work policies with an eye toward evaluating current security capabilities and determining use cases. In addition to outlining specific security guidelines, a strong remote work policy will help identify the biggest risks, what each employee needs to be productive, and what solutions support secure virtual work.

2. Train (and Retrain) Employees on the Latest Government Cybersecurity Best Practices

Employee Watching Training Videos on Laptop from Home Office

Educating employees about potential risks is paramount to maintaining secure systems. In a survey of IT security professionals, 72% said employees believe they are adequately protected and/or are too small to be a target for attackers.

Unfortunately, a divide exists between perceived risk and actual risks—the FBI reports that local governments were the second most targeted group behind academia, and the top modes of attack were phishing emails and exploitation of vulnerabilities in hardware and software.

To close this divide, governments should implement user training programs that include how to recognize signs of malware or a phishing scam, examine links and attachments before opening, and employ a strong password management strategy.

Ongoing training exercises will deepen employee understanding of risks and help ensure appropriate responses to suspicious activity. Additionally, security guidelines outlined in the remote work policy should be shared and enforced across the organization, so everyone is working from the same security-first mindset.

3. Back Up Data

One of the best ways to avoid data loss due to any catastrophic event—whether a cyberattack, natural disaster, or server crash—is by creating a data backup plan. In fact, a robust backup plan, like the one adopted by Yuba County, California, is one of the easiest and most cost-effective precautions that local governments can take to mitigate the risks of a cybersecurity incident.

Good backup plans include keeping regular backups at secure locations off-site, encrypting backups, and routinely testing backups for data and operational integrity. Cloud backups, like those provided by cloud service providers, can help ensure continuity of service and minimize downtime in the event of a breach.

4. Pick Your Team

IT leaders should develop access and chain of command protocols. This includes identifying and outlining the roles of people who will be called to respond if a security breach occurs. This might include members of the management, compliance, legal, and communications teams, as well as service providers, vendors, and insurance companies. Additionally, access to confidential data and critical IT systems should be granted only to employees who require it to fulfill their work duties.

5. Use the Right Tools

According to a report by Tenable, 74% of security leaders attribute their latest wave of breaches to vulnerabilities in technology implemented during the pandemic. One major risk posed by remote work is the use of insecure, public internet services or poorly set-up home Wi-Fi systems. To mitigate this risk, remote workers should be required to use only password-protected, private Wi-Fi networks and routers. Virtual private networks (VPN) and multi-factor authentication are recommended whenever employees remotely access municipal networks and systems.

Even if a connection is generally safe, cyberattackers still find vulnerable entry points into government infrastructure. One U.S. government threat report found that 99% of users of a particular mobile technology were exposed to hundreds of vulnerabilities due to out-of-date operating systems.

Government agencies should routinely install security updates and require employees who have access to work systems to regularly update all devices and apps with the latest approved updates. Additionally, software that is no longer supported with updates and security patches should be disabled or deleted to prevent exploitation.

For many industries, the movement favoring flexible work arrangements is here to stay. Local governments responsible for providing public services must meet this moment by prioritizing government cybersecurity best practices.

This site uses cookies. By continuing to browse this site, you agree to this use.

Privacy Policy