a padlock and chain over a computer keyboard

Cybersecurity is essential for municipal clerks—whether working with a dedicated IT team or safeguarding agency resources alone. The threats are real, but simple strategies can reduce risk and protect public trust. Here’s what every clerk needs to know:

What to Confirm with Tech Support/IT

If your agency has technical support, confirm these essentials:

  • Multi-factor authentication (MFA) is enforced across systems. MFA adds a second layer of protection to all logins.

  • Device and software updates happen regularly. Keeping systems patched shuts down major vulnerabilities before they can be exploited.

  • Backup strategies are active—and effective. Confirm that vital records are backed up regularly, with copies kept offsite or in the cloud.

  • Staff are trained to spot phishing. Cybersecurity basics like recognizing phishing emails reduce risk at all levels.

  • Incident response playbooks are in place. Ask to see the documented protocol for reporting, containment, and restoration after any suspected cyber incident.

  • Meeting portals and access controls match public records requirements. Ensure citizens only see what’s allowed and internal workflow is separate.

Frequent, open communication with tech support helps clerks be proactive, not reactive, on cybersecurity.

What to Know If You Don’t Have Tech Support/IT

No dedicated IT? Take these practical steps:

  • Apply basic frameworks from national resources. Review free guides for municipal cybersecurity from CISA and the Florida League of Cities (see below).

  • Update devices and applications automatically. Enable automatic updates wherever possible to reduce gaps.

  • Implement strong, unique passwords and enable MFA where possible. Use a password manager and never reuse the same password.

  • Regularly back up vital records in the cloud or offsite, testing restores at least monthly. The “3-2-1” backup rule is a solid option.

  • Stay alert for social engineering and suspicious emails. If something feels “off,” do not click—report it, even without tech staff.

  • Maintain an incident checklist. Know how to disconnect compromised devices, contact leadership, and notify authorities like CISA if a breach occurs.

For ongoing learning, statewide cyber initiatives like CyberOhio (link below) offer risk-assessment help and emergency guidance.

Quick Wins: Fast Cybersecurity Boosts for Clerks

Small, fast actions can instantly boost an agency’s security posture. Here are eight things clerks can do right now, each taking just a few seconds:

  • Lock the computer screen every time you step away (Windows+L or Ctrl+Cmd+Q on Mac).

  • Double-check the sender’s email address before opening attachments or clicking links, especially with unexpected or urgent messages.

  • Close inactive browser tabs and applications to reduce access points.

  • Use strong, unique passwords – and never write them on sticky notes or in visible places.

  • Log completely out of sensitive systems rather than just closing browser windows.

  • Enable automatic software updates on your computer and mobile devices when prompted.

  • Remove any unknown USB devices from your workspace; never plug in untrusted drives.

  • Report suspicious emails or login prompts immediately to your supervisor or designated contact—even if you’re just unsure.

Regularly practicing these habits helps block the most common cyber threats and protects both agency data and community trust.

Click for a printable version to keep by your desk and share with colleagues.

 

References from:

  • [Cybersecurity Best Practices: CISA]

  • [Connected Communities Top Cybersecurity Best Practices: CISA]

  • [Top 9 Cybersecurity Priorities for Local Government: mapolce.com]

  • [A Shared Responsibility Model for State & Local Cybersecurity: Aspen Digital]

  • [Cybersecurity for Local Government: UMBC Primer PDF]

  • [State, Local, Tribal, and Territorial Government: CISA]

  • [Cybersecurity Portal: Florida League of Cities]

  • Backups Aren’t Enough: StateTech Magazine]

  • [Cybersecurity Incident & Vulnerability Response Playbooks (PDF): CISA]

  • [New Study on Local Government Cybersecurity Risk: CyberOhio]

  • [Cybersecurity Best Practices for Municipalities: NH Municipal Assoc.]

  • [What Cybersecurity Best Practices Should Local Governments Follow?: Adams Brown]

  • [Enhancing Municipal Cyber Security: TownWeb]