https://www.americancityandcounty.com/wp-content/themes/acc_child/assets/images/logo/footer-logo.png
  • Home
  • Co-op Solutions
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcast
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Events
    • How to Contribute
    • Municipal Cost Index – Archive
    • Equipment Watch Page
    • American City & County Awards
  • Magazine
    • Back
    • Digital Editions
    • Reprints & Reuse
    • Advertise
  • About Us
    • Back
    • About Us
    • Contact Us
    • Privacy Statement
    • Terms of Service
American City and County
  • NEWSLETTER
  • Home
  • Co-op Solutions
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcasts
  • Resources
    • Back
    • Webinars
    • White Papers
    • Events
    • How to Contribute
    • American City & County Awards
    • Municipal Cost Index
    • Equipment Watch Page
  • Magazine
    • Back
    • Digital Editions
    • Reprints & Reuse
    • Subscribe to GovPro
    • Manage GovPro Subscription
    • Advertise
  • About Us
    • Back
    • About Us
    • Contact Us
    • Cookie Policy
    • Privacy Stament
    • Terms of Service
  • newsletter
  • Administration
  • Economy & Finance
  • Procurement
  • Public Safety
  • Public Works & Utilities
  • Smart Cities & Technology
acc.com

Commentaries


Pexels

Article

3 tips for mitigating the ransomware threat to government offices

3 tips for mitigating the ransomware threat to government offices

  • Written by Rick Clark
  • 4th March 2020

In 2019, more than 140 local governments, hospitals, and police stations fell victim to malicious ransomware attacks. Various cities across Louisiana, Texas, and Florida are among many that have appeared in the headlines. This particularly malicious type of cybercrime has become a global issue whose reach and impact continue to grow. Recent reports claim ransomware damages could cost the world $20 billion by 2021.

Cybercriminals are continuously adapting and refining their strategy, making ransomware attacks very difficult to prevent and expensive to resolve. More recent attacks have targeted small and midsize local governments, with data and operations severely compromised and ransom demands frequently in the tens of thousands of dollars.

Guarding against ransomware can be substantially more difficult for local and county government agencies, which are often smaller and operating with less sophisticated IT systems. To mitigate the risk and limit the fallout of ransomware attacks, public officials must understand the threat, shore up internal defenses, and plan an effective response.

The Basics of Ransomware

Let’s start with an overview of how these attacks work. Ransomware is a type of malware that encrypts mission-critical data such as personal information and financial records to make them inaccessible to the organization that owns the data. Once cybercriminals have the information locked down, they demand a ransom before returning access to victims by way of a decryption key.

How do cybercriminals access data to begin with?

Malicious code can enter a system a variety of ways; among the most common are email attachments and phishing emails with embedded links. Once activated by click, open, or download, this code will then instruct the host system to run the ransomware code.

How vulnerable are most organizations to ransomware attacks?

The short answer is, frighteningly so. The average employee receives more than 120 emails per day, and any of these emails can contain malicious code. It takes only one employee responding to one wrong email to unleash ransomware and potentially bring operations to a halt.


Why not just pay the ransom?

Many smaller government agencies feel the only way to respond to a ransomware attack is to pay the ransom. But your odds of resolving the issue this way are slim. In fact, studies show that fewer than a third of organizations that pay cybercriminals recover access to their data.

Rather than simply caving to cybercriminals’ demands and hoping for the best, I recommend taking the following steps to lower your risk for an incident and to get your system up and running more quickly if an attack occurs.


Tip #1: Ensure system security

The first step to mitigating the ransomware threat is taking preventive measures. While ransomware is difficult to prevent, restricting access to certain areas of your network can make it more difficult to infiltrate. Set specific permissions for different departments rather than granting every employee full privileges to the entire system.

From there, you’ll need to implement anti-malware and antivirus software to block any known threats from entering the IT environment. These tools will also scan all inbound emails and flag any potentially malicious websites employees try to visit.

Tip #2: Implement a response plan

There is always a possibility that preventive measures will fall short. If an attack does occur, having a comprehensive response plan in place will help prevent cybercriminals from completely devastating your IT infrastructure and operations and reduce the risk and impact of future attacks.

Your response plan should include a forensic analysis of your office’s tech stack. Determine what is and isn’t needed to protect constituents’ data, and work quickly to address any security weaknesses or gaps. You should also have an intrusion detection and system logging tool in place and functioning so you can quickly identify how and when the system is compromised and detect any changes the attacker might have made to the system.

Tip #3: Keep employees updated on training

It’s equally important that you educate your staff on what these attacks look like and how to respond effectively. Review the common traits of phishing emails, and complement your internal training program with free tools such as phishing email simulators to test your employees’ discernment. Staff training will fill any knowledge gaps that exist and may ultimately be your best line of defense against ransomware.

As ransomware attacks spread across the globe and disrupt and disable organizations in every sector, don’t wait for an attack before taking action. Improve your defenses and your odds by establishing a response plan now, along with training your employees and securing your IT environment. Together, these steps will help you minimize the damage in the event of an attack and return more quickly to serving the public.

 

Rick Clark is the Corporate Security Director at Ontario Systems.

 

Tags: homepage-featured-4 Smart Cities & Technology Commentaries Smart Cities & Technology Article

Related


  • Florida county announces successful test of Motorola Solutions’ cloud-based P25 core technology
    A Florida county recently announced the completion of a successful test of Motorola Solutions’ CirrusCentral Core, the cloud-based secondary core for ASTRO 25 P25 systems that is designed to provide redundant reliability to the land-mobile-radio (LMR) network without the costs associated with a physical secondary core site. In Sumter County, Fla., the absence of a […]
  • Person working on laptop computer
    Embracing digital within local government in 2021
    While COVID-19 has brought on a litany of challenges, it has also shown government leaders the need to employ the right digital solutions for their constituents
  • FirstNet Authority releases new details about impact of Nashville explosion on broadband system
    Public-safety subscribers to FirstNet responding to the Dec. 25 massive explosion near the AT&T network hub in Nashville experienced a four-hour outage when some services were not rerouted prior to deployable cell sites becoming operational at the scene, according to a FirstNet Authority blog. Released Friday evening, the FirstNet Authority blog reiterated several facts previously […]
  • In challenging year, working with public safety to move FirstNet forward
    It has been a challenging year for the nation, especially for the first responders who are on the front lines of wildfires, hurricanes, and the COVID-19 pandemic. During this historic year, the First Responder Network Authority (FirstNet Authority) remained committed as ever to helping first responders save lives and protect communities. As part of our […]

Leave a comment Cancel reply

-or-

Log in with your American City and County account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Modernizing state and local IT to meet new demands and drive long-term financial efficiency
  • Despite budget squeeze, state and local governments must shore up cyber posture
  • Responding to ransomware: Questions government business and tech leaders should ask
  • Facing the controversy of facial recognition technology

Twitter


AmerCityCounty

The latest episode The Young Leaders Podcast focuses on Cyril Jefferson. Cyril is the youngest African American to… twitter.com/i/web/status/1…

27th October 2020
AmerCityCounty

Hillsboro, Oregon is pioneering a new #renewableenergy generation technology through a partnership with… twitter.com/i/web/status/1…

27th October 2020
AmerCityCounty

The impact of the #COVID19 pandemic on #telework was swift and profound. Now, the big question is whether – and to… twitter.com/i/web/status/1…

26th October 2020
AmerCityCounty

Get ready for the can't-miss webinar on how to kickstart your efficiency improvement plan with Luke Anderson of… twitter.com/i/web/status/1…

26th October 2020
AmerCityCounty

Among all states headed into the 2020 general election, which ones have voting populations that are the most demogr… twitter.com/i/web/status/1…

26th October 2020
AmerCityCounty

We want to hear from you! Share your thoughts in our readership survey to help us shape future content so that we c… twitter.com/i/web/status/1…

23rd October 2020
AmerCityCounty

See how cities different approaches to distribute masks in their communities >> spr.ly/6010GAPLa

23rd October 2020
AmerCityCounty

While #facialrecognition is a powerful tool that can improve law enforcement efficiency, that doesn’t necessarily t… twitter.com/i/web/status/1…

23rd October 2020

Newsletters

Sign up for American City & County’s newsletters to receive regular news and information updates about local governments.

Resale Insights Dashboard

The Resale Insights Dashboard provides model-level data for the entire used equipment market to help you save time and money.

Municipal Cost Index

Updated monthly since 1978, our exclusive Municipal Cost Index shows the effects of inflation on the cost of providing municipal services

Media Kit and Advertising

Want to reach our digital audience? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • IWCE’s Urgent Communications
  • IWCE Expo

WORKING WITH US

  • About Us
  • Contact Us

FOLLOW American City and County ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X