HackFirstAidMunicipal
Lead magnet

Small-City Ransomware Readiness Checklist

Ten items. One page. If you can answer yes to all ten, Monday morning will go better than it would have.

  1. 1. Cyber insurance carrier and claim-line number posted at the CAO's desk

    Most policies require carrier-approved IR firms. The first call goes here.

  2. 2. Incident-response counsel identified and on retainer or pre-vetted

    Privilege starts from the first call. Generalist municipal counsel often isn't the right fit.

  3. 3. MS-ISAC (US) or CCCS (Canada) membership confirmed

    Free for SLTT entities. Threat intel, calm coordination, indicators of compromise.

  4. 4. Offline backups tested in the last 90 days

    If you can't restore Friday's tax data to Monday morning, you don't really have backups.

  5. 5. MFA enforced on all admin and finance accounts

    Phishing-resistant (FIDO2, number-matching) preferred. Treasurer, CFO, CAO, IT, AP clerk.

  6. 6. Vendor breach-notification clauses readable in one minute

    Tyler, OpenGov, Granicus, CivicPlus, Accela, M365, Workspace. Know what they owe you.

  7. 7. Paper continuity packs at every customer-facing counter

    Pre-printed receipts, permit logs, cut-off-notice deferral templates.

  8. 8. Council briefing template drafted before you need it

    Closed-session script under your open-meeting law's security exception.

  9. 9. Resident communication template approved by counsel

    Plain language. What's down, what works, when you'll update next, where to call.

  10. 10. Tabletop exercise completed in the last 12 months

    30 minutes with CAO, clerk, IT lead. Use the HackFirstAid triage as the script.