Software updates are cybersecurity's unsung hero
Key Takeaways
This week in cybersecurity awareness month focuses on software updates. It is the least glamourous of all, but very important.
Some updates are automatic and some are not. Most likely, your county technology department has put in place automatic software updates that keep staff computers and software applications protected. You may ask why this is important and why you shouldn’t delay on accepting the update if given the choice, but computer viruses evolve and change every day, which means that software applications must receive regular updates in response.
As I noted earlier, it is important to not delay these updates. But sometimes you have the option, such as on devices like your mobile phone. The longer you delay the update, the greater your chances are for having your identity and information compromised.
But not all update notifications are equal. You also need to be wary of any email that you receive which asks you to “click here” to download new updates for your software application or your computer. The question to ask is whether this is the normal process that the county IT department follows in applying updates. You need to be sure you know the source of the email before downloading any type of updated requested through that means. This is true as well when you are browsing the internet. If you get a message saying, “your computer software is out of date and you need to click here and install this update,” DON’T DO IT! The chances are high that this type of email contains malware or a virus that will be installed on your computer.
Beyond the county-maintained devices, here are options for protecting your personal devices. These links come directly from the manufacturer and provide directions on how to keep your mobile and connected devices up to date.
Mobile Devices:
Connected Devices:
• Amazon devices (Fire Tablets, Kindle E-readers, Alexa Devices, Fire TV)
Related News
DHS Announces new Funding for the State and Local Cybersecurity Grant Program
On September 23, the Department of Homeland Security announced a new funding round for the State and Local Cybersecurity Grant Program (SLCGP). The SLGCP provides $1 billion over four years to state, local, and tribal governments to implement cybersecurity plans and build resilience against emerging threats as a part of the Bipartisan Infrastructure Law (BIL).
This year’s allocation is $279.9 million, notably less than the fiscal year 23 (FY23) allocation of $375 million. Applications for funds must be submitted by December 2, 2024. Eligible entities for this program are state governments, and the program structure design allows for local governments to receive 80% of the funding via either pass-through funding or in-kind services. Counties should be advised that eligible entities may request counties to contribute to the non-federal cost-share element of a state’s application, which for this grant year is 30% for a single-entity applicant or 20% for a multi-entity applicant.
Slight changes have come to the SLCGP for FY2024, including broadening the criteria for applications. In FY22 and FY23, state and local governments were limited to specific objectives of the program, where now applications can focus on any of these four objectives:
Develop and establish appropriate governance structures, including developing, implementing, or revising cybersecurity plans, to improve capabilities to respond to cybersecurity incidents and ensure continuity of operations
Understand their current cybersecurity posture and areas for improvement based on continuous testing, evaluation, and structured assessments
Implement security protections commensurate with risk
Ensure organization personnel are appropriately trained in cybersecurity, commensurate with responsibility
The SLCGP requires that 25 percent of state allocations must benefit rural areas. Local and state governments have 48 months to complete projects and expend allocated funds. The BIL provided funding for four years, with FY 25 being the last year of the program.
NACo encourages counties to coordinate with statewide cyber planning committees to prepare a proposal for the program. NACo will continue to monitor the program and update counties with any developments.
County collaboration is key to overcoming the cybersecurity talent shortage
In the United States, citizens depend on county governments to deliver many of the nation’s most critical services. These organizations play a crucial role in ensuring overall community well-being by managing essential services such as law enforcement, public health, infrastructure maintenance, and emergency response.
National Association of Counties Pilots Artificial Intelligence Leadership Academy
NACo today announced a new professional development opportunity, the NACo Artificial Intelligence (AI) Leadership Academy, an innovative, online program to equip frontline county government leaders with practical knowledge and tools.
County News
We all serve a role in cybersecurity
