How Do You Prevent a Ransomware Attack? Tips to Keep Local Governments Safe
Lately, it seems like every time we turn around we hear of another local government being hit by a ransomware attack.
In these attacks, hackers gain access to a government’s network and install malware that prevents it from accessing its computer systems and data, essentially holding the government’s operations hostage and grinding all services to a halt. Only after the government pays a ransom does it regain control of data and systems.
Ransomware attacks can have a devastating impact on the ability of government to do its daily work. And they can be quite costly, too — both to sustain, and to move past.
“The average cybersecurity breach costs states between $665,000 to $40.53 million, with a median cost varying from $60,000 to as high as $1.87 million.”
Here are just a few of the ransomware attacks that made the news recently:
- In the City of Lowell, MA, a ransomware attack made phones, networks, and servers throughout the City’s government inaccessible.
- In Spartanburg County, SC, a ransomware attack shut down the Register of Deeds, the county courthouse, and the sheriff’s office.
- In the City of Dallas, TX, a ransomware attack brought government operations to a halt. Notably, the attack also impacted the work of law enforcement, forcing 911 operators to relay information from emergency calls in hand-written notes instead of using the computer-assisted dispatch system.
Given all these events, you might worry that your municipality could be the next victim of one of these attacks.
But the good news is that there are steps you can take to make it harder for hackers to gain access to your systems and initiate ransomware attacks. And these are things you can do right now.
Here are two areas in which you can take action to avoid falling victim to a ransomware attack.
1. Educate Your Employees—and Yourself—on Data Security Best Practices
Even the most robust data security can be compromised if the people using it don’t have the proper education on how to avoid being hacked.
Lately, hackers and scammers have been using more and more sophisticated methods for scaring people into “fight or flight” states so they’ll share sensitive information, going so far as to use AI-generated voices to impersonate the family members of their targets.
As ominous as this all sounds, you can protect yourself by being skeptical. If there is a high degree of urgency in a request for money or sensitive information, and if the call or email comes from an unknown number or email address, chances are it’s not legitimate.
Here are some key data security best practices for educating those who work in local government—and elsewhere—to help them avoid ransomware attacks:
- Don’t share sensitive information via email or phone. This sounds obvious, but you’d be surprised how compelling a phone call can be telling you that you’re about to be arrested if you don’t share your bank information, or—even worse—someone impersonating your child and asking for help.
- Don’t click on links in suspicious emails. Phishing emails—emails that are trying to get you to click on a link that will install malware on your computer—have gotten more and more sophisticated over the years, with senders closely mimicking real email addresses in your organization, even using real names and possibly trying to copy the writing style of people who might actually write you. To identify suspicious emails, look for inflated urgency—Click this right now or the Public Works Department will have to close!—or other enticements to open a file or click a link, as well as suspicious email addresses or language.
- Use a strong passphrase (instead of a password). A passphrase is a password that’s made of a sentence or combination of words that’s long and hard to guess. A good passphrase will be easy for you to remember because it has a personal connection with you, but hard for anyone else to guess—it could be a line (or two) from a favorite song, or a unique phrase from an experience you’ve had. Guidance for creating a strong passphrase includes: it’s hard to guess; it has both numbers and symbols (as well as letters); and its length is 16 characters or more.
- Use multi-factor authentication (MFA). Even if hackers do get your password, MFA prevents them from being able to use it, because they still won’t have access to the phone, key, card, chip, or app that provides them with the second layer of permissions needed to get into your system.
- Limit access. Not everyone needs access to everything. Only those who actually need to use a certain software solution or system should have access to it. The fewer access points your system has, the fewer potential vulnerabilities.
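An added example (not from the original post or from OpenGov) of how a mail filter could automate the phishing warning signs described above: a sender domain that closely mimics your own, a real staff name on an outside address, and inflated urgency. The organization domain, staff names, phrase list, and sample messages are constructed placeholders.

```python
import re
from email.utils import parseaddr

# Assumptions: the domain, staff directory and urgency phrases below are
# hypothetical placeholders; replace them with your organization's own.
ORG_DOMAIN = "cityofexample.gov"
STAFF_NAMES = {"dana whitfield", "luis ortega"}
URGENCY = re.compile(
    r"\b(right now|immediately|urgent|within 24 hours|account will be closed)\b", re.I)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def phishing_signals(from_header: str, subject: str, body: str) -> list[str]:
    """Return the warning signs found in one message (empty list = none found)."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    signals = []
    if domain != ORG_DOMAIN:
        # One or two character edits away from the real domain: likely a mimic.
        if edit_distance(domain, ORG_DOMAIN) <= 2:
            signals.append("lookalike-domain")
        # A known colleague's name attached to an address outside the organization.
        if name.strip().lower() in STAFF_NAMES:
            signals.append("staff-name-external-address")
    if URGENCY.search(subject) or URGENCY.search(body):
        signals.append("inflated-urgency")
    return signals

# Constructed sample messages (not real mail).
SAMPLES = [
    ("Dana Whitfield <dana.whitfield@cityofexample.gov>", "Budget meeting notes",
     "Notes attached from Tuesday."),
    ("Dana Whitfield <dana.whitfield@cityofexarnple.gov>", "Invoice",
     "Click this right now or the Public Works Department will have to close!"),
    ("Luis Ortega <l.ortega@mailbox-example.com>", "Quick favor", "Are you at your desk?"),
]

if __name__ == "__main__":
    for frm, subj, body in SAMPLES:
        print(frm, "->", phishing_signals(frm, subj, body) or "no signals")
```

The second sample swaps the "m" in the domain for "rn", which looks nearly identical on screen but is two edits away from the real domain.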
2. Move Critical Software Systems and Data to the Cloud
If your local government is still running its computer network using on-premise servers, it may be exposing itself to a ransomware attack.
Moving to the cloud helps protect your system from a ransomware attack by:
- Giving your data state-of-the-art protection. OpenGov uses Amazon Web Services (AWS) and Azure Government to host its data. AWS is the same system used by the Central Intelligence Agency (CIA) and Azure is the same system used by the Department of Defense (DOD). And your local government can use it, too. (It can also make sure to work with vendors, like OpenGov, who only use hosting provided by trusted sources.)
- Limiting the damage if you do get hacked. If on-premise servers get hacked, the hacker will be able to access backend server files, potentially gaining control of all your data and systems. In the cloud, a single entry point for a hacker will not give them the same amount of access, instead containing the breach to where it began.
- Providing backups. If you do get hacked, you’ll have backup data stored in the cloud that can prevent hackers from holding your data hostage, ensuring business continuity instead of a full shutdown due to the hack.
The big takeaway here is that you can take action instead of worrying.
Most likely, there are things you can do right now that will increase the security of your data, and decrease the chances of your organization falling victim to a ransomware attack.
Even if all you do is forward this blog post to a colleague, you will have taken a step toward improving data security in your organization.
To learn more about what you can do to prevent ransomware attacks, take a look at this in-depth ransomware guide created by the U.S. government’s Cybersecurity & Infrastructure Security Agency (CISA).
What Does OpenGov Do To Keep You Safe from Ransomware Attacks?
One of the most important things we do at OpenGov to keep our partners in local government safe from ransomware attacks is to store all of their data in the cloud.
Our data is stored with companies trusted by some of the most security-conscious organizations in the world, such as the DOD.
We’re also constantly working to improve our data security.
In early 2023, we completed the highly rigorous SOC 2 assessment as part of our ongoing commitment to ensuring that we have the best data security available for our partners.
SOC 2 is an auditing procedure that ensures service providers securely manage your data to protect the interests of your organization and the privacy of its clients.
Learn more about OpenGov’s SOC 2 assessment and its importance for local government here.