Cybersecurity
/Cybersecurity
Another concern is cyberattacks. Local governments have been on the receiving end of cyberattacks, especially ransomware, at alarming rates in the past few years. In a ransomware attack, hackers gain access to sensitive data and/or control of your software. Then, they demand a ransom in return for access.
One way to protect your platform from a ransomware attack is to avoid being a good target in the first place. By minimizing the amount of private data you collect from users, you limit the value of a ransomware attack. If much of your data is already publicly available on the platform, you won’t be a good target for ransom.
Instead of storing passwords, many operators of digital products now are asking users to authenticate themselves through "magic links" sent via email, SMS, or mobile phone. If you do collect and store sensitive data, such as users’ passwords, it should be sufficiently encrypted and protected so that even if hackers gain access to the database, they cannot use the information.
If you're paying for a SaaS platform, the provider will respond to any cyberattacks that occur. Many of the paid platforms explicitly promote cybersecurity as a reason to use their product.
If you're hosting your own platform, automating frequent backups and setting up a content delivery network like Cloudflare can help prevent or mitigate cyberattacks. With servers around the world, it can quickly shift web traffic to help mitigate the impact of an attack (although you and your team will still need to address the attack itself, which may require changing the code).
Digital participation platforms that collect important votes or determine budgetary allocations must also be secure from internal manipulation of outcomes. Some platforms are experimenting with the blockchain, which is essentially an open, decentralized ledger of transactions, to publicly record votes so that manipulation is more easily detectable.
Cybersecurity is a holistic concern. You should consider implementing best practices for cybersecurity across your institution. If you rely on a technology vendor like Microsoft, Google, or IBM, each provides cybersecurity resources.
Regardless of who's maintaining the platform you're using, make sure it is actively maintained. Researchers discover new security risks in commonly used software every day. The platform you're using must be regularly patched, or updated, to address these discoveries. You can determine if this is occurring by looking at the developer notes included in updates to the platform's open code repository, website (often referred to as a “changelog”), or app store.
Next: Evaluation and accountability
Previous: Moderating a civil discussion