The wealth of citizen data municipalities manage daily combined with the critical services that depend on this data makes them attractive targets for cybercrime . If you’re following recent headlines then you’re aware of some cities that have been caught in the cross-hairs of ransomware attacks and the intent behind them range from simple annoyance through vandalizing a fire stations website, to seeking real destruction by trying to access a city’s dam system, to holding a city or county hostage through ransomware. This has prompted many municipalities to ask how they can better defend against cyber threats.
In response, CyberDefenses has pulled together our top cybersecurity tips for city governments. We’ve implemented cybersecurity programs for some of the most targeted organizations in the world. Through these experiences several key things have proven to be effective again and again in defending against threats and reducing the impact of an attack.
- PLAN AHEAD
In elementary school we teach our kids to be prepared for emergencies by teaching them to dial 911, holding fire drills, and tornado drills, maybe even packing a go-bag in case of need to evacuate. However, when it comes to cybersecurity we typically get lost in the complexity and jargon and forget that we can do the same thing there.
Creating an Incident Response plan before an attack prevents poor decisions based-on panic and knee-jerk responses. Will you pay a ransom or not? By what means? Who are your point people? Decide key roles and escalations and how you will communicate should your system be shut down.
- TALK TO YOUR NEIGHBORS
Often you can prepare for an attack by talking to others in a similar industry or community and finding out what is currently happening. Talking to others means you can combine forces to improve your visibility on the methods of attackers and what types of defenses are working. This is especially important given the ever-changing landscape of the cyber world and the attacks that take place.
- BACK UP
If ransomware has taught us one thing, it is to have a RELIABLE back-up method in place. Using back-up mechanisms that cannot be detected or encrypted from an infected host, gives you the ability to step back and analyze the situation for what it is. If your system is capable of being restored then you can weigh the positives and negatives of each possibility and take time to really analyze the data in front of you.
Know where the most important data and systems reside and test your restoration capabilities.
- STOP REUSING PASSWORDS…SERIOUSLY
Once a user ID and password are obtained, they are tested by hackers with account-checking programs to gain access to other sites. With a number of password management systems available (because we all feel like we have too many to keep track of anyway), you can store, set, and change passwords and utilize a system that can create truly random passwords for you. Reusing even part of a password can be risky if your credentials are breached. Read more about that HERE.
- BE DILIGENT
Cybersecurity is never a set and forget type of system. Attackers only have to be right once to break in. Meanwhile, cybersecurity defenders have to be resilient continually to prevent a breach. Be proactive with ALL aspects of protection, detection, response, and recovery.
For an easily sharable infographic on this topic, click here. We’ve compiled these steps into an easy-to-download and print infographic that you can share and pass along to your staff. While the intricacies of cybersecurity can feel daunting the process is simple: Plan, Talk, Protect, Defend.