So, why are local governments such a sought after target? Well, they hold vast amounts of personal and private information on citizens, such as tax, property, and financial information. They also are one of the least protected and aware of the current cyber threats that are out there. Only 34% of cybersecurity professionals rated local government staff as being at least moderately aware when it comes to cybersecurity and only 26% of council members.
“Local governments of all sizes and locations now own and operate a wide and growing array of internet-connected technology systems: employee-issued laptops, motion sensors on light poles and under pavement, mapping and informational systems inside police cars, online citizen-engagement tools and much more. Most local governments in the United States don’t have a strong grasp of the policies and procedures they should implement to protect their technology systems from attacks”, states an ICMA op-ed, The New York Times.
The fact is that most hacking attempts are not a singular hacker messing around in their mom’s basement, but are perpetrated by sophisticated and professional hacker groups, mostly based in Eastern Europe. They go after targets that have large amounts of private information with the goal of either selling this information to identity thieves or demanding a ransom in the form of cryptocurrency to return your data.
Most attacks start the same way, a simple email. A staff member opens said email that looks as if it comes from a legitimate source, such as a superior or government organization but it is actually infected with malware that threatens their entire system. Once the email is opened the virus is spread throughout the entire organization, rendering it useless until a ransom is paid.
“Even when local governments do have top-notch cybersecurity,” Emeritus Prof. Donald Norris from UMBC said, “one mistake by one employee opening a malicious email, leaving a port open can open the door to an attack.”
Ransomware targets a systems endpoints or end-user, so having a plan in place to protect them is essential. An endpoint protection plan should include anti-malware, anti-spam, anti-phishing, and firewall software capabilities. This will help identify possible malware files that target your systems before it happens. Protection for your servers is also recommended to protect yourself from all angles.
Ransomware viruses can be downloaded directly from a website as well. To protect your webpage from also being infected, it is best to outsource your web hosting and management. A provider with a robust and secure infrastructure protocol will help prevent the spreading of ransomware through your own website. You will also want to upgrade to a modern browser such as Google Chrome or Mozilla Firefox when browsing the internet.
One way local governments can protect themselves is by investing in a secure data back-up system. When the time comes that your system is taken over by ransomware, if you are continuously backing up your important information there is no need to pay the ransom to get your data back. The cost of a ransom can be well over $470,000, much higher than the cost of a proper recovery system.
IT expert at CDW-G, David Hutchins said, “Backups are the first defense to keep hackers from profiting from a ransomware attack.”
Other ways your local government can easily protect itself is to regularly update its software and anti-virus definitions. Not having up-to-date software is just as bad as having nothing at all, thousands of new viruses are found every day and not having an updated list of threats leaves your system open for them to slip through the cracks.
But what do you do if you are already infected? First thing, do not pay a ransom! Paying a hackers ransom proves to them that they won and also doesn’t guarantee you will even get use of your systems back. As long as their ransom attempts continue to be effective, they will continue their exploitation in the hopes of an easy payday.
Stay ahead of the threats by taking a realistic look at your systems and invest in an all-encompassing protection system so this doesn’t happen to you.
Author: Scott M. Field
Scott is a Marketing Specialist at Revize. Revize is a government website provider with over 20 years of experience. Revize serves over 1,800 municipalities and government organizations around the country. With an extensive suite of web application and a custom website Content Management System (CMS), Revize allows governments to engage directly with their communities. Revize also implements a robust infrastructure program that keeps your website and data safe at all times.