Thursday, November 14, 2019

Fulfilling the Cybersecurity Responsibility

Ransomware attacks are a critical risk for cities and towns, having grown more common and more expensive to address.  
The process of hacking a computer system and demanding a ransom is a straightforward one. First, the hacker tricks someone in the organization into exposing the network, possibly by emailing the person a link that turns out to be a virus, or by posing in a phone call or an email as a coworker or some other trusted person in order to ask for login credentials like usernames and passwords. Once in the system, the hacker locks computer files or possibly even the entire system, then demands the payment of a ransom through untraceable Bitcoin cryptocurrency. Municipalities, as a result, can stand to lose business operations and potentially even large amounts of money, if they choose to pay the ransom. 

There are steps that city and town governments can take to guard against ransomware attacks. For example, training staff to pay careful attention to messages that engender a sense of panic – that something has to be done immediately to stop a problem – can help them spot phishing attempts. The emails could ask for authentication information, or use misspelled words or strange phrasing. At the Municipal Association of SC, the staff is encouraged to forward suspected phishing emails to the IT department. Messages can then be used as an educational tool to illustrate a real-world example of what a dangerous email look like. 

Other steps for municipalities can include increasing a focus on security software, strengthening passwords and teaching staff to maintain a wariness of unfamiliar wireless networks. Putting adequate resources into backup systems can help cities have options as they work to restore data and maintain continuity of services. 

In October, the National League of Cities released a report on municipal cybersecurity. It noted that cybersecurity readiness needs the involvement of the entire organization, including leadership; that the work has to remain continuous; and that adequate budgets are necessary to provide meaningful security. Because cyberattacks can cost taxpayer money and service reliability, local officials owe their residents a serious approach to cybersecurity, both in infrastructure and in ongoing training. 

Additional resources