Why me? Cyber-attacks are on the rise. Even if your city does not have an IT department, it’s important to take cybersecurity seriously to prevent attacks.
October is Cybersecurity Awareness Month, and while no one can prevent every cybersecurity threat—there are some simple steps you can take to make city hall more secure. Here are three of our top tips:
1. Make a list!
If a cyber incident or attack does take place, the first thing you will need to know is what items are affected. You’ll be able to work much faster if you have a complete inventory list of all hardware and software that your city is supporting.
If this is not something you’ve done before: start simple. Create a spreadsheet with all the technology inventory in your city. Include:
- The item/device/program
- Model ID/Version
- Serial Number
- Purchase date
- Warranty expiration
2. Beware of ransomware
Also known as cyber extortion, ransomware is malicious software designed to steal city data unless a ransom is paid.
Typically, ransomware is disguised as a file that users are tricked into opening or downloading. Once opened, ransomware can quickly steal, lock, and/or scramble data files saved across your entire network.
You don’t need to be an IT professional to thwart most ransomware attacks. A few steps can help your city stay secure:
- Make sure city staff are taught to recognize phishing attempts, and that they think twice before clicking on suspicious links or attachments.
- Regularly back up network files on a system (such as an external hard drive or Cloud) that is not connected to your network. That way if ransomware destroys data or files—you have copies. At a minimum, backups should be done once a week.
- Keep your computer software updated (especially Windows). You should always have the most recent versions of programs installed. Older versions will have more known security flaws.
- If you suspect a ransomware attack, don’t panic.
- Unplug the machine suspected of being under ransomware attack from the network and internet. Disable the computer’s wifi (if any).
- Take a photo of the screen and any suspicious activity you are seeing (use your phone camera).
- Call your IT department or another technical or cybersecurity resource to talk you through alerting users, password changes, and malware updates. If ransomware is confirmed, contact the League for assistance submitting a claim with insurance.
3. Cut ties with citywide Wi-Fi
Want to provide free Wi-Fi in city call? Great! But get a separate Wi-Fi network for city staff.
Hackers can easily use public Wi-Fi to steal personal information or carry out phishing schemes. It’s best to keep sensitive city data secure and separated from public-use Wi-Fi.
More Cybersecurity Resources
The League of Minnesota Cities has several cybersecurity resources, including a full-time Cybersecurity Loss Control Field consultant dedicated to dealing with this growing threat.
We can help you:
- Create cybersecurity policies and plans
- Assess security and risk
- Procure technology or IT support
- Train your staff
- Evaluate insurance coverages
Reach out for more information:
Christian Torkelson – Cybersecurity Loss Control Field Consultant