Level up your cyber defenses

Use logging on government systems

Keeping sensitive data secure is a responsibility. Without logging and monitoring in place, attackers may lurk in your systems unnoticed for weeks or months. Logging refers to automatically recording events on your systems. Monitoring means reviewing and analyzing those logs to spot suspicious activity, system misuse or early signs of attack.

CISA’s free Logging Made Easy tool can help. Centralize your logs to make it easier to detect unusual activity. Set up alerts for high-risk events such as failed login attempts or when an unauthorized user gains access to sensitive data. Review logs manually or with automated tools where possible.

Back up government data

Regularly backing up data and testing your ability to restore it is a critical part of your cybersecurity strategy. A backup is a secure copy of your critical data, stored separately from your primary systems. Backups are your best hope of recovery from a ransomware attack. Work with your IT team to create a reliable strategy that protects your organization.

Identify what data your organization can’t operate without—like public safety and emergency services data, public records and legal documents—and prioritize those for protection. 

Once you know what needs to be protected, protect your data with 3 copies of important files on 2 different types of storage media (like a hard drive and the cloud) with 1 copy stored off-site, away from your location.

Test backup procedures regularly and ensure your team is trained on how to use them.

Encrypt government data

Encryption is one of the most powerful tools you can use to protect sensitive data. It’s a critical defense against attacks like ransomware and malware. Encryption scrambles sensitive information—like tax records, voter information and critical infrastructure operations—into unreadable code so that only authorized users can access it.

Encrypt all devices, hard drives, removable media, and relevant documents. Back up data to a vetted cloud service or external hard drive and encrypt your backups. Maintain offline, encrypted backups of data and regularly test them.

Share cyber incidents with CISA

Reporting cyber incident information to CISA helps protect not just your organization, but others across the country. CISA can then analyze the threat, alert other SLTTs and partners and share actionable guidance to help prevent similar attacks. The sooner you report, the sooner CISA and others can act.

How do you report to CISA?

Don’t wait for a major breach to share with CISA. Even suspected activity can be valuable.

• Use CISA’s Cyber Incident Reporting System.
• Report incidents early—don’t wait until full investigation.
• Include relevant details like indicators of compromise, system impacts and attacker behavior.
• Designate a point of contact on your IT or emergency management team.

Migrate to the .gov domain

Having a .gov domain tells the public that your website is an official source of information. Only verified U.S. government organizations can register for a .gov domain. CISA verifies the identity of everyone who applies. When people see .gov, they know it’s a website they can trust—and it’s free!

How do you get started?

Apply at get.gov and follow the instructions. To submit an application, you’ll need to register for a login.gov account (if you don’t already have one) and provide basic verification of your government status. Contact CISA (on get.gov) if you need help.

How will CISA support you?

CISA manages the .gov domain space and provides technical support, guidance, and tools. They can help you choose your domain name, process your domain request, manage your domain(s), and provide information on domain security best practices.