Ransomware attacks are hitting local governments. Here’s how they can fight back.

“The odds of a municipality becoming a cyber victim are one in four,” one cybersecurity expert said.

The emails showing up on office computers asked about a recent Amazon order. Local government employees in various South Jersey towns were told to click to see the status of the order.

“And most people will click that,” said Lou Romero, a cybersecurity expert. “And my question is, ‘Did you order anything on Amazon? [No.] Then why are you clicking on it?’”

But had such an email come from a malicious source, a municipality’s whole system could have been compromised. The town’s ability to function could have been held hostage for a ransom. Romero has seen it happen.

Ransomware has targeted more than 70 local and state governments so far this year, according to a report by researchers at Barracuda, an IT security company. Among those hit were municipalities in Florida and Texas, and Baltimore, where hackers locked away critical files. Baltimore didn’t pay the ransom, but officials said the attack will cost the city $18 million. In July, the U.S. Department of Homeland Security partnered with national groups to urge governments to take advantage of the best practices and resources to protect themselves.

“These evolving and sophisticated attacks are damaging and costly,” the Barracuda researchers wrote. “They can cripple day-to-day operations, cause chaos, and result in financial losses from downtime, ransom payments, recovery costs, and other unbudgeted and unanticipated expenses.”

Because most municipalities don’t have millions to spend on cybersecurity the way big corporations do, they can be easy prey, Romero said. Several local governments in the region, wary of attacks, declined to talk about their cybersecurity strategies.

“The odds of a municipality becoming a cyber victim are one in four,” said Romero, a consultant for 64 South Jersey municipalities. “So it’s not a matter of if, it’s only a matter of time.”

It’s not that municipalities are being attacked by ransomware more often than individuals and corporations, said Eric Cornelius, chief product officer for BlackBerry’s Cylance, which sells cybersecurity software and services.

“It’s that everyone is being attacked by ransomware more often,” he said.

But attacks against local governments can keep them from delivering a variety of vital services to thousands of residents.

In cybersecurity, local governments are playing catch-up

An employee at a maintenance yard in Haverford Township, Delaware County, got an email with a subject line that seemed off. But it was just enough to be a tease. The worker clicked it.

“And that’s all it took,” said Rick Maclary, the township’s IT director.

A message popped up saying that someone had the computer’s files and the township had to pay a ransom to get them back. The office didn’t store vital information, but when Haverford didn’t pay the ransom, the employee lost contacts and about a month’s worth of data, which the township had not backed up. That was about six years ago.

“That’s when we really learned our lesson that we had to get more serious” about cybersecurity, Maclary said.

Cyberattackers aim to hold systems hostage so local governments can’t operate until they pay a ransom, in what are called “denial of service” attacks.

Two years ago, Romero assessed more than 200 small- and medium-sized municipalities in New Jersey. More than 85% had poor password policies, such as allowing fewer than eight characters, not setting expiration dates, or not locking accounts after failed password attempts. Only 4% had any type of cybersecurity awareness training. Municipalities are far behind the private sector, even though ongoing attacks have spurred improvements among the New Jersey towns since 2017.

Attackers, too, are getting more sophisticated, even sending emails that are specific to departments, said Jerry Mascia, Mount Laurel’s superintendent of public works. For example, the permitting department will get an email that says, “Attached is my application to erect a fence.” But it’s malware that infects the municipality’s system once someone opens it.

The challenge for municipalities is figuring out how to maximize their IT security with limited budgets, Romero said. Many local governments don’t have dedicated IT departments and don’t have the resources to attract skilled IT staff, cybersecurity experts said.

‘Cyber hygiene’: Invest in systems, training, and policies

“They are better off spending the money on good-quality cyber hygiene than spending the money and giving it to the lawyers or ransoms,” Romero said. “Cyber hygiene” includes identifying vulnerabilities, using layers of encryption and firewalls to protect data, creating plans to prevent and react to attacks, and keeping up with the latest security patches and system upgrades.

Three municipalities that Romero works with decided to band together and pay a local high school, which has strong cybersecurity, to handle their IT needs.

Cornelius called cybersecurity “the cost of doing business in a digital world.”

“It’s important to realize security is a journey, not a destination,” he said.

He said municipal IT employees often inherit “Frankenstein” systems that are built piecemeal, and the lack of cohesion makes these systems difficult to defend.

Employee cyber training also is necessary. Haverford tells its workers not to use personal emails on township computers and relies on software that scans emails for suspicious behavior before employees see them, reducing the chances that a worker will click something dangerous. The IT department trains workers not to click on suspicious emails and to report them.

Although training is helpful, municipalities shouldn’t rely on it, said Cornelius, who said that over the last two decades, he has engaged in “a highly unsuccessful effort” to teach people not to click suspicious links and emails.

“One always gets clicked,” he said.

Municipalities should develop plans for how they’ll restore services if someone is holding their systems hostage. Few have them, Romero said.

Back up files and stay vigilant

A couple of years ago, Romero was surprised to find that a small South Jersey municipality was backing up its files only every three months, instead of every day, as experts recommend. It turns out that an employee was copying the files one by one onto a thumb drive. He showed her how to copy all the files at once.

When Romero advises government officials, he tells them, “Your backups are your lifeline.”

Haverford has taken its lesson to heart, backing up important information every few hours. Local governments also keep track of the periodic warnings the Department of Homeland Security shares about emerging cyberattacks.

“It’s scary the way it is,” Maclary said. “You just can’t trust anybody electronically anymore. You can’t let your guard down.”
