In recent years, local governments have been targets for ransomware attacks, and the problem seems to be getting worse. With cybercriminals persistently targeting local governments, cyberattacks on city systems and infrastructure are increasing every year, with a growing impact on people. While some attacks are prevented or stopped before they become major incidents, any successful attack can cause serious disruptions that affect thousands.
In March 2018, hackers struck Atlanta’s computer networks, closing municipal courts and leaving residents unable to access the payment systems for traffic tickets and water bills. The city ended up paying $2.7 million in contracts with crisis communications and security agencies to resolve the attack.
Unfortunately, these breaches only seem to be getting worse. Government is among the top 10 industries that has already suffered and will continue to suffer from cyberattacks from 2019 to 2022.
Remote Work Makes It Even More Likely Your City Will Be Attacked
To protect against cybercrime, local officials must first allocate a sufficient budget. While this might be challenging because of the continued economic fallout caused by the events of 2020, spending on cybersecurity now can reduce damage control costs later. Recovering sensitive data that was compromised in a successful ransomware attack is very costly.
Before any events occur, local government IT officials should construct both a response plan (for taking action during an event) and a recovery plan (for addressing the effects of the event).
It’s especially important to have both a response and a recovery plan because of the rise of remote work. Many city governments are operating with some employees working from home and others going into government offices. The increased number of people working from home creates more opportunities for these events to occur.
How does this happen? Remote work creates more endpoints for malicious cybercriminals to attack. For example, personal devices that might not have been used for work purposes before are now an avenue that can be exploited. Standard government-issued equipment is typically loaded with security controls that personal devices do not have. Employees working from home might be using their personal home networks that are unsecured and connected to other unsecured devices (such as a teen’s computer). This creates further risks because these personal devices cannot always be controlled.
It’s evident that when employees conduct confidential or sensitive work on unsecured home networks, they create more avenues for cybercriminals to break into. What’s not so evident is the psychological effect that working from home has on cybersecurity. When an employee is at home, he or she might feel more relaxed and less vigilant. That means they might be more susceptible to phishing emails and other potential scams. Working from home can influence employees to let their guards down, which gives cybercriminals the opportunity to strike.
It’s possible for local governments to protect their employees by investing in cybersecurity tools that can help shield users’ devices and networks more thoroughly than if they were just working on their home connection. VersaTrust can keep your organization on its toes when it comes to cybersecurity. We offer Unified Threat Management to keep your online environment protected. By making sure your organization has the best firewall and antivirus protection, spam-blocking technology and a content-filtering solution, we’ll help you neutralize threats to your cybersecurity. VersaTrust can help you set up a cybersecurity strategy that’s protective and affordable.
How can local leaders keep their cities and constituents safe from malicious attacks?
It’s Time for Decisive Action
While IT leaders report that cybersecurity is a clear concern, local elected officials often do not treat it as such. According to the 2020 National Survey of Local Government Cybersecurity Programs by the Public Technology Institute/CompTIA, “23% of IT executives report their elected officials are not engaged at all.” The statistics show that less than a quarter of elected officials are actively working towards prioritizing cybersecurity, a staggeringly low number considering the potential devastation cybercriminals can cause.
Budget is a concern as well, according to 66% of IT executives surveyed in the report. VersaTrust knows that many city budgets are limited. Little, if any, money is allocated to cybersecurity. We’re not the only ones who understand this. Cybercriminals realize it too, which is why they target cities. It can seem like a difficult issue to resolve, but not all solutions are costly. It’s possible to protect both vital infrastructure and constituents’ data without spending a fortune.
5 Affordable Ways to Increase Your Cybersecurity
- Use a VPN
Protect employees’ connections first. Require employees to log onto government networks via a VPN or by using virtual desktop infrastructure. This allows those with an approved endpoint (usually a computer) and a network connection to have secure access to the applications and data on a desktop. Mobile hotspots, which run on a cellular connection, also allow users to connect to the internet more securely.
- Turn on multifactor authentication
Once connections are as secure as possible, it’s important to implement a cybersecurity education program. All individuals who work for a government agency should be using multi-factor authentication (MFA) as much as possible to protect their accounts. If there’s an MFA option, each employee should be required to use it. If they don’t know how, it’s important to provide education to demonstrate how to implement this important security safeguard.
- Educate employees
When city governments fail to educate their employees on the importance of implementing cybersecurity measures, they open up the possibility of attacks on critical city infrastructure and constituent data.
Employees should receive training on updating passwords and firewalls. Through cyber education, employees can recognize the difference between a secure email and an attempt at phishing.
- Make patch management a top priority
Every employee must download updates and other software patches on their computers and devices as soon as they become available. These updates help fix holes that cybercriminals try to exploit. Patch management should be a top priority for government IT departments.
- Develop a comprehensive cybersecurity plan
As soon as possible, it should be decided who will be responsible for developing, implementing and enforcing the agency’s cybersecurity policy. That individual should spearhead the effort to define cybersecurity goals, plans and procedures. There should be a procedure for educating new employees on the agency’s policies, including always updating. Lastly, consistently communicate new or changing cybersecurity policies to employees.
Work with VersaTrust
While working within a budget, governments should take key steps to recognize current cybersecurity concerns, develop a plan and take action to protect their online environments. Preventative action now can save on recovery costs later.
VersaTrust can help your organization by providing both the cybersecurity education and the hands-on software support you need to protect your staff, citizens and infrastructure. We’ll make sure all your bases are covered so that you can rest assured knowing that you’ve taken all the steps you can to protect your infrastructure and constituents against malicious cyberattacks. Contact us for a cybersecurity consultation today.