MCP Insights

Eleven Advanced Cybersecurity Tactics for Courts

Posted on October 5, 2021 by Joe Wheeler

Previous blogs presented an overview of the grave threat cyberattacks present to the justice community and essential strategies and tactics for preventing them. This blog offers intermediate and advanced strategies and tactics suggested by the Joint Technology Committee in its resource bulletin, “Cybersecurity Basics for Courts.” The committee is a joint effort of the Conference of State Court Administrators, the National Association for Court Management, and the National Center for State Courts.

Assuming a court or another justice agency has worked on the basics, the organization should implement intermediate and advanced tactics. These include the following:

  1. Establish controlled entry points for remote network or data access — Work with your information technology (IT) provider to implement specific and controlled network access points for individuals remotely accessing court IT assets, networks, and data. (Intermediate)
  3. Implement network monitoring — Again, you will need to work with your IT provider to establish network monitoring and report on it regularly. Network monitoring commonly includes establishing benchmarks for “normal” activity and configuring alerts that notify key personnel of any movement outside set thresholds. (Intermediate)
  4. Review agreements with technology service providers — Ensure that the agreements identify roles, responsibilities, service levels, and response expectations in a straightforward manner. This step includes both vendors and government entities that provide services to the court. (Intermediate)
  5. Create and test cybersecurity event response plans — Enlist court leadership and your IT provider as a cybersecurity incident response team. Leverage them to create a plan for responding to a cyberattack that includes: assessing the situation, blocking further damage, collecting evidence, communicating to stakeholders, recovering assets, and reestablishing service. This team should conduct regular walkthroughs and tabletop exercises based on this plan. (Intermediate)
  6. Ensure that user screens lock after a certain period of inactivity. This is to prevent unauthorized access through an unattended device. Implementing network and system monitoring and scanning software, inventorying connected devices, auditing user activities, and automatically triggering unusual activity notifications are also good ideas. (Intermediate)
  7. Establish policies and procedures regarding lost equipment — The goal is the ability to disable lost devices quickly. (Intermediate)
  8. Implement multifactor authentication — This can take the form of complex passwords or passphrases, smart cards, and biometric identifiers, such as fingerprint and iris scans. More insights on passwords and passphrases can be found here. (Intermediate)
  9. Ensure that file-encryption utilities are installed and enabled — An example includes FileVault for Apple devices. (Advanced)
  10. Establish an offline, off-premises backup — This is to facilitate recovery if online backups are compromised. (Advanced)
  11. Segment the network — According to the JTC’s bulletin, this is related closely to the Principle of Least Privilege, an essential tactic that MCP identified in a previous blog. Separate unrelated data and applications, e.g., house financial applications in a different part of the network than the case-management system. The idea is to add layers of complexity to make it more difficult for malware to access data. Also, network segmentation prevents data contained in one network segment from being impacted if a breach resulting from a cyberattack occurs in another segment. (Advanced)
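
To make tactic 3 concrete, here is an added example (not from the JTC bulletin or from MCP) of a benchmark for “normal” activity and an alert threshold applied to daily outbound traffic per device. The host names, traffic figures, threshold, and the choice of a median-based benchmark are all assumptions constructed for illustration.

```python
"""Benchmark-and-threshold alerting on per-host daily outbound volume."""
from statistics import median

# Constructed sample: outbound megabytes per day for each host over a baseline week.
BASELINE = {
    "clerk-ws-01": [120, 135, 110, 128, 140, 125, 118],
    "cms-db-01":   [900, 950, 870, 910, 930, 890, 905],
    "kiosk-03":    [5, 5, 5, 5, 5, 5, 5],   # perfectly flat history
}

# Constructed sample: today's observations to evaluate against the benchmark.
TODAY = {"clerk-ws-01": 131, "cms-db-01": 4200, "kiosk-03": 60, "new-laptop-07": 300}


def build_benchmark(history, min_spread=1.0):
    """Return (centre, spread) for one host's history.

    Median and scaled median absolute deviation are used instead of mean and
    standard deviation so a single past spike does not widen what counts as
    normal. min_spread keeps a flat history from producing a zero-width band.
    """
    centre = median(history)
    mad = median(abs(x - centre) for x in history)
    return centre, max(1.4826 * mad, min_spread)


def evaluate(baseline, observed, threshold=6.0):
    """Compare each observation to its host's benchmark; return alert tuples."""
    alerts = []
    for host, value in sorted(observed.items()):
        if host not in baseline:
            # A device with no benchmark is reported, not silently passed.
            alerts.append((host, "no-baseline", value, None))
            continue
        centre, spread = build_benchmark(baseline[host])
        score = (value - centre) / spread
        if abs(score) > threshold:
            alerts.append((host, "outside-threshold", value, round(score, 1)))
    return alerts


if __name__ == "__main__":
    for host, reason, value, score in evaluate(BASELINE, TODAY):
        print(f"ALERT {host}: {reason} value={value}MB score={score}")
```

The unknown device is surfaced as its own alert type, which ties the monitoring back to the device inventory mentioned in tactic 6.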

As a court or other justice agency looks to implement these intermediate and advanced tactics, it commonly faces a dual dilemma: a lack of cybersecurity technology experts and budget constraints. Keeping the staff and equipment needed to implement and maintain those tactics is unattainable for many courts and justice agencies.

MCP offers several solutions designed to help justice organizations and those that operate in the public-safety sector comprehensively improve their cybersecurity posture in a very cost-effective manner. These solutions include:

  • Mission-Critical NetInform® Secure — MCP’s subject-matter experts (SMEs), working with partner organizations, perform a thorough assessment of the client’s environment to identify vulnerabilities at the host and/or network level that a cyberattacker could exploit. Part of the process involves physical security — can unauthorized actors access any part of the infrastructure? — and penetration testing, whereby we probe the client’s networks and systems to determine if infiltration is possible. NetInform Secure is one of our most popular offerings, by far.
  • Mission-Critical NetPulse® Secure — Through this service offering, MCP monitors network traffic — e.g., what sort of conversations are two endpoints having? — as well as logs generated by firewalls and antivirus software. We also monitor the dark web for any activity that might be harmful to the client or place it at greater risk, and we review the client’s training program to ensure that it aligns with best practices and industry standards.
  • A new wrinkle added this year to NetPulse Secure is endpoint protection, which is backed by MCP’s security operations center (SOC), which in turn continuously monitors for threats and alerts clients of suspicious activity. The new solution is designed specifically for mission-critical and public-sector networks — including servers, workstations, tablets, and other devices — which are twice as likely to be infected with malware or ransomware as other networks.
  • Also new this year is a service offering that measures an organization's compliance with the National Institute of Standards and Technology (NIST) cybersecurity framework standards and controls. This is a robust reporting tool that shows progress over time. 
  • Finally, Mike Beagles, MCP’s platform and service product manager and a certified Cisco CyberOps associate, hosts monthly “cyber chats” and cybersecurity threat advisories to keep clients informed about the constantly changing threat environment. Sign up here or check out the CyberChats here.

There is much that we can do to help your organization improve its cybersecurity posture — please reach out as soon as possible. Cyberattackers and their tactics evolve seemingly by the hour — so time is of the essence.

Joe Wheeler is vice president – justice and courts for Mission Critical Partners, and a member of the IJIS Institute board of directors. He can be emailed at JoeWheeler@MissionCriticalPartners.com.
