News Details

Ransomware – Both Terrible and Preventable

Dr. Alan Shark

Executive Director, Public Technology Institute (PTI)

As of today, individuals, companies, counties and cities are breathing a sigh of relief that there was minimal impact from last week's WannaCry ransomware attack. One of the most wide-spread cyber-security events in recent years infected hundreds of thousands of computers in over 150 countries and continues to generate front-page news coverage.

Ransomware is a type of malicious software that infects a computer and restricts users' access to it until a ransom is paid to unlock it. For those with old versions of Windows operating systems that had not been updated were the ones at risk for this particular attack.

It would be easy to sit back and move on without using this incident as an important wake-up call. But the continuous threat of ransomware and other forms of malware exists at all times. And while 2015 was a bad year for ransomware attacks, IBM reports that it increased 6000% in 2016. Most alarming is the fact that malware enters our systems by someone opening an attachment or link that usually looks authentic. In the government sector, most at risk are usually smaller counties and cities – including local police and health services.

It appears that most local governments have been quite good at updating and protecting their operating systems. However, the risk is always present and the bad guys are constantly perfecting their craft. Some localities have held off updating their operating systems because of concerns that the newer systems were viewed as being incompatible with some major legacy software.

Organizations that have received ransomware threats were notified that all files will become encrypted and will be destroyed unless a payment is made – often in Bitcoins – not credit cards. This ransomware threat is also impacting personal PCs – some connected to public sector information systems. Most entities wind up paying the ransom as it often relatively cheap compared with the time and cost of restoring systems.

As bad as this recent threat was, it was highly preventable. Here is what you or your IT staff can do to make your computer systems safe and secure:

  1. Make sure that whatever operating system you have - all recommended updates are current.
  2. All data must be backed up. While your IT staff do this religiously, many mobile and personal devices often get missed. A good practice is to use an offline (not network connected) external drive or subscribe to the many online backup services that does this automatically.
  3. Use reputable security software and make sure that it is set for updates.
  4. Train all employees and elected leaders on the importance of being ever so careful in opening attachments and or clicking on links.
  5. Encourage staff to quickly come forward when something doesn't look right or they clicked on something they realized a moment later they should not have. Early reporting is far better than any shortsighted punishment.

Cyber-security and protecting government systems and information consistently rank as the number 1 priority for local government IT executives. This most recent attack shows just how vulnerable our IT systems can be. And with the notoriety it has caused, this attack serves as a reminder that cyber-security is no longer just for IT professionals.

Being "security aware" involves everyone within the organization. This most recent scare should be viewed as an opportunity for local government officials to re-examine policies and procedures to protect government networks. When was the last time your security policies were reviewed? PTI recommends your cyber-security plan address each of the following areas:

  • Physical/Facility Security
  • Personnel (qualifications/access/certifications)
  • Password and Account Management
  • Data Security
  • Network Security
  • Incident Response Policies
  • Communicating with the Public/Key Stakeholders
  • Disaster Recovery
  • Employee Awareness and Training

For additional resources, visit the Multi-State Information Sharing and Analysis Center (MS-ISAC), a division of the Center for Internet Security.

This article was prepared by the Public Technology Institute (PTI). Created by and for city and county governments, PTI serves as the technology research arm of the National Association of Counties (NACo) and the National League of Cities (NLC). www.pti.org