During the past few months at various events and conferences in multiple states, we have seen cities taking ransomware seriously. But a consistent theme as we talk to cities is that the approach they take is inconsistent and not comprehensive. Some cities respond, “We have antivirus.” Others respond, “We back up our data.” Let’s look at the silo approach of “Our data backup solves our ransomware problem. If we get hit with ransomware, we’ll just restore our data.”
Not quite.
Data backup and disaster recovery is a crucial part of a strategy against ransomware and viruses. However, focusing on such an important part of a ransomware strategy may make cities think it’s the only answer.
Here’s why data backup and disaster recovery, by itself, is not the full answer to your ransomware worries.
1. Disruption to your operations
Just because you can restore your data doesn’t mean that ransomware won’t disrupt your operations. After the initial shock and halt to your operations, it takes some time to restore data. It’s a complex process, and not all of your backed-up data may be immediately available after recovery.
What happens in the meantime? Disruption. Employees who cannot do their job for days (and possibly even weeks). Citizens not served by your city—not able to make payments, get business licenses, or find information. Ripple effects that can last weeks or months.
To prevent disruption, you need strategies and tools that include:
- Endpoint detection and response (EDR) software: Antivirus software is no longer good enough to protect your municipality from ransomware. By both preventing cyberattacks and detecting attacks if they get inside your network, EDR can stop many ransomware viruses from ever deploying inside your systems.
- Software patches: Patches shore up security vulnerabilities, which ransomware creators often exploit.
- Antispam software: According to Trend Micro, “The email gateway continues to be ransomware’s top infection vector.” Antispam software (built into a business-class email system) can help stop a lot of ransomware emails from ever reaching an employee’s inbox.
2. Data security
Backing up and restoring data does not necessarily mean you are taking data security seriously. When ransomware hits, criminals have accessed your data, encrypted your data through their virus, and potentially stolen your data by uploading a copy over the internet. This means you’ve opened yourself up to a security incident.
The biggest issue that some cities ignore is security around data access. Some best practices include:
- Password policies: The easier it is to guess your password, the easier it is for a data incident to occur. Criminals can more easily access your systems if passwords are shared or easy to guess.
- Authorization policies: Do you have a process for authorizing employees and third-party users to access your software and systems? Experienced IT engineers need to manage user access and accounts—and then employees need to adhere to strict policies around who gets access.
- IT systems best practices: Many times, city staff or local IT vendors set up systems with holes. Firewalls, routers, and servers are like an abandoned house with doors and windows open everywhere. Hackers easily get inside when your systems are unsecured and misconfigured.
Just because you can restore an abandoned house to its previous condition doesn’t mean you should be living in an abandoned house!
3. Compliance
Federal, state, and local laws, policies, and ordinances require that you protect and secure specific information such as:
- Tax information
- Public safety information
- Payment information
- Personnel information
- Open records and FOIA requests
Simply backing up but not securing this information doesn’t put you in compliance with the law.
4. Liability
Data backup alone will not reduce your liability. A successful cyberattack may lead to paying expensive claims. Plus, insurance companies will penalize you by raising your premiums if your risk of a cyberattack is high—whether through past cyberattacks or the current state of your IT. Even municipal bond ratings are at risk if your cybersecurity is poor.
Safeguarding against cyberattacks requires a proactive, not a reactive, security mindset.
5. Accountability
Cities may still think of cybersecurity as solely an IT problem. In the past, viruses and malware may have affected servers and computers that were not crucial to a city’s operations.
Today, cybersecurity is everyone’s responsibility, as city operations rely significantly (and are moving toward relying completely) on information technology. Only with leadership and employees fully involved in carrying out cybersecurity policies will a city become better protected.
- Leadership needs to take the lead on creating cybersecurity policies, ensuring funding exists to modernize and secure IT systems, proactively focusing on preventative security measures, and including ongoing cybersecurity training as part of an employee’s job.
- Employees need training that gives them awareness because many times they are the ones who let viruses and ransomware in the door—despite the best IT precautions. Training needs to cover updates about cyber threats like ransomware, hacker tactics (like phishing), cyber hygiene (like not clicking on dangerous email links or websites), social media policy reviews, and reinforcing policies about authorized access to information.
Protecting yourself against ransomware must go far beyond simply acquiring a good data backup and disaster recovery solution. Letting hackers into your systems, allowing your operations to be disrupted, and placing the responsibility for information security only on your IT staff or vendor means placing yourself at risk—including financial, legal, and operational risk.
Data backup and disaster recovery is a crucial tool to help you fight ransomware. But it’s only part of the picture. Sadly, the bad guys are winning as cybercrime is now a $1.5 trillion (yes, with a “T”) criminal industry.