The process of hacking a computer system and demanding a ransom is a straightforward one. First, the hacker tricks someone in the organization into exposing the network, possibly by emailing the person a link that turns out to be a virus, or by posing in a phone call or an email as a coworker or some other trusted person in order to ask for login credentials like usernames and passwords. Once in the system, the hacker locks computer files or possibly even the entire system, then demands the payment of a ransom through untraceable Bitcoin cryptocurrency. Municipalities, as a result, can stand to lose business operations and potentially even large amounts of money, if they choose to pay the ransom.
There are steps that city and town governments can take to guard against ransomware attacks. For example, training staff to pay careful attention to messages that engender a sense of panic – that something has to be done immediately to stop a problem – can help them spot phishing attempts. The emails could ask for authentication information, or use misspelled words or strange phrasing. At the Municipal Association of SC, the staff is encouraged to forward suspected phishing emails to the IT department. Messages can then be used as an educational tool to illustrate a real-world example of what a dangerous email look like.
Other steps for municipalities can include increasing a focus on security software, strengthening passwords and teaching staff to maintain a wariness of unfamiliar wireless networks. Putting adequate resources into backup systems can help cities have options as they work to restore data and maintain continuity of services.
In October, the National League of Cities released a report on municipal cybersecurity. It noted that cybersecurity readiness needs the involvement of the entire organization, including leadership; that the work has to remain continuous; and that adequate budgets are necessary to provide meaningful security. Because cyberattacks can cost taxpayer money and service reliability, local officials owe their residents a serious approach to cybersecurity, both in infrastructure and in ongoing training.
Additional resources
- Managing Ransomware Risks – Uptown article
- Cybersecurity: S1 Ep23 – City Quick Connect podcast
- Follow Simple Tips to Reduce Cyber Risks – Uptown article
- Travelling? Pack Your Cyber Smarts – Uptown article
- Protecting Our Data: What Cities Should Know About Cybersecurity – National League of Cities Report