Florida’s taxpayers deserve better cybersecurity from government agencies

When Floridians pay their taxes, they expect that money to be spent wisely. Roads are paved and in good shape. Schools funded. Data protected. What they don’t expect is for those same dollars to be spent on tech contracts that leave sensitive information wide open to hackers.

As someone who works with small businesses daily, I see firsthand what happens when cybersecurity takes a back seat. One weak password, one missed update, and suddenly a company’s email or payroll system is locked up by ransomware.

And for local governments, it’s not just a technical problem. It’s a taxpayer problem that too often results from large vendors cutting corners.

For example, Microsoft is one of the biggest technology companies in the world. Yet, it has repeatedly failed to protect the data of the very governments and citizens who rely on it. In 2020, the company, along with SolarWinds, was part of a significant data breach involving Russia-linked hackers who compromised more than 200 organizations and government agencies worldwide, including the Florida Agency for Healthcare Administration. Earlier this year, foreign hackers exploited flaws in Microsoft’s software in order to access U.S. government networks, including the Department of Homeland Security and the National Nuclear Security Administration.

It’s further been reported that Microsoft outsourced parts of its cloud maintenance, including for agencies like the Department of Defense, to low-cost labor overseas, including to China. That’s not just bad business judgment. It’s a national security risk that trickles all the way down to our state and local systems – an expensive one at that.

Government officials often talk about cutting government waste to save taxpayer dollars, but few realize how expensive a single cyberattack can be. A ransomware breach can drain local budgets, delay paychecks, and even expose residents’ personal data. The costs add up fast – emergency IT response, investigations, system restoration, legal fees, potential lawsuits, and in some cases, the long-term expense of credit monitoring for affected citizens.

Smaller municipalities will struggle to recover from a single security incident, having to draw on other budget areas to pay for everything. Every time that happens, it’s taxpayers footing the bill for someone else’s negligence.

The ripple effects also extend beyond immediate financial damage. When a city’s systems go down, residents can’t pay their water bills online, businesses can’t get permits processed, and critical services grind to a halt. The government already has a bad reputation for being too slow — cyber incidents make it worse. And once a breach becomes public, it can take years for an agency to rebuild its reputation and restore public confidence.

I’ve worked with small businesses all over South Florida and throughout the state that are trying to modernize their systems. They’re smart, dedicated people, but they’re often working with outdated tools and limited budgets. Like my clients, many of these local government IT departments are understaffed and underfunded, struggling to keep up with increasingly sophisticated cyber threats. They deserve better support and resources to do their jobs effectively.

The good news is that Florida can set the tone nationally. We should require stronger vendor accountability and prioritize cybersecurity in every state contract so that national incidents like the Microsoft breach don’t occur on a smaller scale in our municipalities and states. Florida should also continue to invest in cybersecurity training programs to build a homegrown workforce capable of defending our digital infrastructure.

At the end of the day, cybersecurity comes down to stewardship. Protecting taxpayer dollars. Protecting the businesses that keep our economy running. Protecting the citizens who count on government systems to be there when they need them. It’s time for Florida’s leaders to demand more from their technology vendors and ensure that every contract signed prioritizes security. Our taxpayers deserve nothing less.

 ___

Reginald Andre is the CEO of ARK Solvers, a South Florida-based cybersecurity and IT company.