By: Jens Jensen, PC Claims Manager
Cyber crime is on the rise and public entities are a known target for this type of behavior. You may think your district would not be a prime target because of its size or just the nature of your district’s business, but that is not the case.
The fact of the matter is cyber criminals are targeting all different kinds of public entities and infrastructure, and there does not seem to be any kind of discrimination based on size, nature of business, or location. In the news, we have seen attacks on gas pipelines and potable water providers. There is even some speculation that smaller districts may become bigger targets as larger businesses have the advantage of more easily implementing cyber theft deterrent measures.
Cyber crime is often a crime of opportunity. By this, we mean you might be providing the opportunity for the cyber criminal to breach your computer systems. Most often, this breach comes riding right through the front door in the form of an email. Just like the Greeks hid inside the big wooden horse to gain access to Troy, cyber criminals embed malicious code in emails, hoping you will click on them and allow the bad software to infiltrate your systems. Most of the time, once you realize that you have been infiltrated, just like the Trojans, it is way too late. The damage was done several months ago.
Early on in the cyber criminal world, hackers would just gain access to your systems, lock you out, and demand a small ransom to unlock your systems. In today’s world, the hackers gain access to your systems, infiltrate your backups, and carve themselves out a home to operate in. When they spring the trap, they generally have been living in your systems for months and have a good grasp on all aspects of your operation. In these situations, restoring from your backups does not work because those have also been infected.
What can you do? Hackers typically are looking for easy targets. We worked with Matt Solomon at Eide Bailly to share the following tactics you can employ to help stave off this threat:
- Update software often. Hackers exploit vulnerabilities in older software versions. Updates help patch these vulnerabilities.
- Utilize an endpoint protection tool. This secures devices that have access to your network.
- Change passwords often. Require passwords to be changed often and make passwords complex using combinations of symbols, numbers, and upper- and lower-case letters.
- Restrict access. Not every user needs administrative access to the entire computer system. Limit this type of access to IT personnel or those that are in charge of IT-related duties.
- Regularly train employees on how to identify phishing scams. Your boss did not ask you to go buy some gift cards on Saturday night with your personal credit card. Cyber crime training is going to prove to be just as important as any other type of training you currently do.
Of course, there are dozens of other easy-to-implement tips and tricks easily found online to help thwart the hackers. The unfortunate truth is a breach in your systems may prevent you from providing the services your patrons are counting on you for. If the hacking is severe enough, this can also lead to distrust by your patrons, especially if your district has dealings with personally identifiable information (PII) or personal health information (PHI).
Cybersecurity can be a tricky thing to navigate on your own, so SDIS is providing the following upcoming webinars at no charge to you:
- General Security Awareness Training: Tuesday, July 20 | 11am-11:50am
- Implementing Policies for Cybersecurity & Acceptable Use: Tuesday, August 24 | 10:30am-Noon
- Data Management and Security: Tuesday, October 19 | 10:30am-Noon
- General Security Awareness Training: Tuesday, September 21 | 11am-11:50am
Visit www.sdao.com/cybersecurity-resources to learn more and register for one of these free webinars. Recordings of past trainings and other valuable resources are also available to you on that page. Also on this page is a cybersecurity guidebook available for you to download.
Should you become a victim of a breach or hack, please contact your agent or the claims office at firstname.lastname@example.org.