What Should Local Governments Do in the Event of a Security Breach

April 26, 2022
Connect with us

It's not a question of if but of when a security breach or ransomware event happens; what should local governments do? Cybersecurity experts say that the risk of cybersecurity incidents can occur anytime. 


So, what actions should a local government take? Should they rely on federal and state assistance, or should it be better to get professional help from a reliable third party? But before we dig into the security breach response plan, let's further know what a security breach is. 


What is a security breach by definition?


A security breach is when an attacker uses harmful software to exploit security flaws and obtains unauthorized access to an organization's secured systems and data, and restricted regions, leading to system damage and data loss. 


What can criminals do with the data they steal?


According to the 2021 Verizon Data Breach Investigations Report, most hackers use stolen data for financial gain. In the report, ShinyHunters, a famous cybercriminal gang, sold personal information of roughly 70 million clients of AT&T with the starting price of $200,000. Part of the stolen data includes passwords, PINs, Social Security Numbers, Tax IDs, Employee W-2 forms, Payment Card Information, and Medical Records. This stolen data is used for fraud such as debit card withdrawals, ransomware, identity theft, etc.


Local Government's Guide to a Security Breach Response Plan


Now, to the central part: What to do when the cyberattack happens? Let's look at the steps to take in response to a breach. 


Step 1: Secure Operations


It is imperative to act immediately when a security breach happens. Local governments should secure their systems and fix vulnerabilities damaged by cybercriminals. If needed, the department in charge should lock physical areas related to the ransomware and change their access codes. In addition to the immediate response, the local government should inform the breach response team to prevent additional data loss. 


To undertake a complete breach response, the affected offices can assemble a team of specialists. They may include forensics, legal, information security, information technology, operations, human resources, communications, investor relations, and management, depending on the size and type of your agency. There is plenty of legal counsel and independent forensic investigators that local governments can hire to help them identify the source and extent of the breach, such as Akins IT. 


Lastly, local governments should talk to the people who discovered the security breach and document the investigation. Experts also suggest not destroying the forensic evidence during your research. 


Step 2: Fix Susceptibilities


The second step in recovering from a security breach is to ensure that the local government's service providers (if involved) make the necessary steps to prevent further damage. Another action they can take is to work with their forensic experts by reviewing logs and analyzing backup data. The experts can determine who recently had access to the data, the number of people affected, and what type of information was compromised. 


Step 3: Inform Affected Parties and Individuals


Security breaches can potentially cause identity theft. The local government agency should let the involved parties (Staff and the public) know about the data breach to make the response more effective. If there are also business partners that were affected by the cyberattack, notify the companies so they can monitor the accounts for fraudulent activity. 


When notifying the affected parties and individuals, the Federal Trade Commission (FTC) recommends that the local governments should:


Consult with internal or external law enforcement partners about when to notify to guarantee a smooth investigation.

Assign personnel to release the information about the security breach, the response plan, and how the affected parties should react. 

Use letters, websites, toll-free numbers, public relations campaigns, or news media to disseminate information. 

Give identity theft protection or identity restoration services to affected individuals or parties. 


As part of the security response breach plan, the local government knew what steps they could take to avoid more losses if specific individuals were affected. It is also helpful if they know how to prevent phishing scams tied to the breach while gaining more trust from local government officials. 


How can local governments prevent cyber attacks?


There are also practical precautionary steps to prevent ransomware events or security breaches. Although it may include extra effort, these approaches are better than putting confidential data in danger and restoring damages. Here's how local governments hamper security breaches:


Take a Proactive Approach


Local governments can set up proactive antivirus protection manually using complete IT security solution. Make sure the new regulations follow the current rules. More enforcement will soon follow, which means taking action now can protect themselves from fines or violations in the future.


Manage Security Services


Think about deploying management security to prevent unauthorized access to sensitive data before it becomes a danger. As the famous saying goes, "prevention is better than cure" same goes for the local government's cybersecurity. 


Regular Risk Assessments


Conduct network safety testing from outside sources. Akins IT recommends that local government networks are regularly evaluated for potential security issues at a minimum once a year for security reasons.


Cyber Security Basics


Do not overlook inexpensive security tools for cyber attacks. The local government can take basic actions like requiring strong passwords and security awareness training, which don't require investment. 


Clear Separation Between Network Components


Verify that there is a separate network between servers. Managing different aspects is crucial for the mitigation of damage in cyber-attacks.


Data Backup: Become Ransomware Proof


An excellent way to avoid losing data during unauthorized attacks is by using a reliable data backup system to protect your information.


Cyber Liability Insurance


If you're unsure of your background in cyber security basics and whatnot, it would be best if you purchase cyber liability insurance. At Akins IT, our expert team guarantees to keep your connections secure and data ransomware proof professionally and immediately. 


If you need to improve your local Government's security, schedule a consultation with one of our professionals.


Schedule a Security Audit

AWS stumbled this morning. Here’s why multi‑cloud keeps you moving.

By Shawn Akins October 20, 2025
October 20, 2025 — Early today, Amazon Web Services experienced a major incident centered in its US‑EAST‑1 (N. Virginia) region. AWS reports the event began around 12:11 a.m. PT and tied back to DNS resolution affecting DynamoDB , with mitigation within a couple of hours and recovery continuing thereafter. As the outage rippled, popular services like Snapchat, Venmo, Ring, Roblox, Fortnite , and even some Amazon properties saw disruptions before recovering. If your apps or data are anchored to a single cloud, a morning like this can turn into a help‑desk fire drill. A multi‑cloud or cloud‑smart approach helps you ride through these moments with minimal end‑user impact. What happened (and why it matters) Single‑region fragility: US‑EAST‑1 is massive—and when it sneezes, the internet catches a cold. Incidents here have a history of wide blast radius. Shared dependencies: DNS issues to core services (like DynamoDB endpoints) can cascade across workloads that never directly “touch” that service. Multi‑cloud: practical resilience, not buzzwords For mid‑sized orgs, schools, and local government, multi‑cloud doesn’t have to mean “every app in every cloud.” It means thoughtful redundancy where it counts : Multi‑region or multi‑provider failover for critical apps Run active/standby across AWS and Azure (or another provider), or at least across two AWS regions with automated failover. Start with citizen‑facing portals, SIS/LMS access, emergency comms, and payment gateways. Portable platforms Use Kubernetes and containers, keep state externalized, and standardize infra with Terraform/Ansible so you can redeploy fast when a region (or a provider) wobbles. (Today’s DNS hiccup is exactly the kind of scenario this protects against.) Resilient data layers Replicate data asynchronously across clouds/regions; choose databases with cross‑region failover and test RPO/RTO quarterly. If you rely on a managed database tied to one region, design an escape hatch. Traffic and identity that float Use global traffic managers/DNS to shift users automatically; keep identity (MFA/SSO) highly available and not hard‑wired to a single provider’s control plane. Run the playbook Document health checks, automated cutover, and comms templates. Then practice —tabletops and live failovers. Many services today recovered within hours, but only teams with rehearsed playbooks avoided user‑visible downtime. The bottom line Cloud concentration risk is real. Outages will happen—what matters is whether your constituents, students, and staff feel it. A pragmatic multi‑cloud stance limits the blast radius and keeps your mission‑critical services online when one provider has a bad day. Need a resilience check? Akins IT can help you prioritize which systems should be multi‑cloud, design the right level of redundancy, and validate your failover plan—without overspending. Let’s start with a quick, 30‑minute review of your most critical services and RPO/RTO targets. (No slideware, just actionable next steps.)

Microsoft Confirms GoAnywhere Exploitation: What IT Leaders Need to Know

By Shawn Akins October 13, 2025
How a Zero-Day in GoAnywhere MFT Sparked a Ransomware Wave—and What Mid-Sized IT Leaders Must Do Now

The Windows 10 Deadline Is Here—Are You Ready for What Happens Next?

By Shawn Akins October 13, 2025
The clock is ticking: Learn your options for Windows 11 migration, Extended Security Updates, and cost‑smart strategies before support ends.
More Posts