The amount of data that municipalities deal with has grown exponentially. Conversely, because they are often operating on a shoestring budget, local governments rarely have dedicated cybersecurity experts; they rely on their IT team to ensure security. However, that IT department often does not have the investment it requires, so holes in their security leave them vulnerable to attacks. These attacks can range from viruses to hackers to phishing.
One of the most prevalent types of cyberattacks recently is ransomware attacks. Ransomware is a type of malicious software that gains access to files or systems and blocks user access to those files or systems. Then, all files, or even entire devices, are held hostage using encryption until the victim pays a ransom in exchange for a decryption key. The key allows the user to access the files or systems encrypted by the program. These attacks often begin with an email with links or attachments that seem benign but give the hacker access to that single system followed by the network.
While it is relatively unsophisticated as cybercrimes go, these can shut down servers, expose data, paralyze 911 centers and interact with traffic management systems. “Smart cities” — that is, cities whose infrastructure relies on interconnected technologies — might be more affected, but many hacks have occurred in other municipalities as well. Again, without a dedicated IT staff and with a reliance on aging infrastructures, many cash-strapped municipalities are ripe for attack.
In the area of cybersecurity, overall, it does not appear that public entities are doing enough to mitigate risks. Using email to either communicate or to prepare and transmit meeting materials is inviting unnecessary levels of risk. Elected board members are quite likely not aware of the risks or aware of their personal liability. Of breaches that come from inside the organization, 67% are not malicious but are from errors.
Effective defense from cyberattacks ultimately depends on education and overriding the chance of human error whenever possible. Cloud-based software that is recognizable and reliable is one of the best ways to take the guesswork and human error out of the agenda creation process.
Nam facilisis elit urna, et rhoncus nibh elementum in. Morbi id convallis arcu, ac laoreet augue. Aliquam tellus dolor, fermentum quis imperdiet et, vestibulum sit amet diam.
- Utilize cloud-based software like iCompass for agenda creation & distribution of materials to the council
- Everyone involved in agenda creation, delivery, or use needs to be updated with training on cybersecurity
- Municipalities need to develop a plan for cybersecurity. If they already have one, it should be reviewed annually.
- Cities need to adopt a digital security mindset, with contingency and disaster plans in place