Three ways to protect your city government from a ransomware attack

A ransomware attack on the city of Baltimore took place on May 7, 2019, and left citizens unable to pay parking fines and some tax and utility bills online. In its aftermath, city government employees are struggling to provide citizens with even the most basic of digital public services. City officials depend on IT systems to collect much-needed resources, but they also rely on them for the record-keeping needed to process real estate transactions and issue building permits.

These attacks have slowed city operations to a crawl.

Baltimore is merely another victim in a long string of recent ransomware attacks targeting city and state governments. Atlanta residents still shudder at the memory of 2018’s SamSam attack, which disrupted the delivery of city services to more than 6 million people and ultimately cost taxpayers over $9.5 million. More than 169 state and local governments are reported to have been victimized by ransomware within the past five years.

As a city government official, what can you do to ensure your computer systems won’t be harmed by this sort of attack? With ransomware seemingly growing more dangerous each year, it’s important to take these three key steps.

1. Back up, but also test your ability to restore.

It has happened in the past: organizations with complete off-site backups ended up paying hefty amounts to criminals who encrypted their systems. Why? In the case of one healthcare provider, it was because the amount of time it would have taken to complete a full restore from the backups was too long. And operating without access to critical patient health records during that period would have put lives at risk.

Simply put, a disaster recovery plan isn’t complete unless it includes a process for recovering essential files quickly enough to maintain continuity of operations. If you don’t know how long a full restore would take, you don’t know whether or not the backup systems you have in place will meet your real recovery needs.

2. Educate your employees.

Security awareness training is one of the most cost-effective investments you can make into improving your municipality’s overall cybersecurity risk profile, but only if the training you implement is memorable, and your employees take it seriously.

Teach all employees best practices for identifying phishing emails and show them how to disconnect infected devices from the network quickly (including turning off WiFi connections). More importantly, make security awareness a part of the culture your employees share as public servants and professionals.

3. Treat every file as a potential threat.

Some strains of ransomware remain dangerous even though they’ve been identified and can be detected even by simple signature-based anti-malware programs. Others use familiar or weak encryption methods that may be bypassed, sometimes even with free tools available online.

But, the most dangerous strains of ransomware are those that are novel. If you’re relying on cybersecurity tools that permit unknown files to execute on endpoint devices within your network environment, you simply have no protection against these dangerous threats.

The most effective technologies offer active breach protection, allowing you to adopt a Zero Trust approach to all incoming network traffic and unknown files. Ransomware threats are always evolving, and no single technology can guarantee protection against tomorrow’s threats. Instead, your municipality should adopt a multi-layered approach incorporating email security, data loss prevention, a secure web gateway and an advanced endpoint protection solution designed not to trust unknown executables until they’ve been proven safe.

Ransomware is a serious and significant problem. But by taking a holistic, multi-layered approach to information security overall, municipalities can do a great deal to reduce their city’s risk.

Gus Evangelakos is the Director of North American Field Engineering at Comodo. Gus commenced his career managing IT infrastructure. For the past 10 years, Gus has applied this experience as an implementation consultant, field engineer and in managing field engineers for global brands within the Enterprise Cyber Security market segment.