John F. Kennedy once said, “The time to repair the roof is when the sun is shining.” Unfortunately, for some governments such as City of Baltimore or the City of Atlanta who came under attack, the sun is not exactly shining as they battle ransomware on their systems – spending significant amounts of time and money to get back to normal operations. And they are not alone; ransomware is on the rise for governments as a whole.
If you are one of the fortunate governments that have not experienced ransomware, let’s keep it that way! Here are five steps to help you get started:
- Establish and improve your security program. It’s time for these conversations to move from the server room to the board room. Do you know the maturity of your government’s security program? Do you know if all your systems are up to date? Do you know if your government has adopted any leading practices for security controls? These are just some questions that leaders need to be asking their IT staff to ensure their government has protections in place. We know these topics are technical and can take awhile to understand, but you can gain this knowledge in time.
- Train your employees in cybersecurity awareness. Ransomware commonly enters the government’s network because an employee inadvertently clicks on a fraudulent link. Many employees are just not aware of the risks and are unknowingly exposing their governments to possible ransomware attacks. Training employees regularly can significantly reduce your risks. For a free, interactive 90 minute employee training that promotes cybersecurity awareness, see the additional resources section below.
- Back up your files. Ransomware will render your files useless unless you pay the demand, and even that is not a guarantee – remember, these are criminals! But if you have a working backup, then you can restore your files and resume business as normal. All too often, we see governments with ineffective backup processes that fail to work when needed. We’ve also seen governments that have backups, but their restoration process would take months — a very long time to wait for systems to work again! Some tips include:
- Make sure all the important data you need is included in your backup process.
- Test your backups regularly to make sure they restore as expected.
- Make sure you have an off-line backup, something hackers cannot reach if they gain access to your network and encrypt or lock down your files
- Make a plan so that you can restore systems promptly and efficiently
- Have a plan for how to respond in case of cyber attack. For example, who you are going to call? Just like a 911 emergency, you do not want to be mulling over who to call in times of crisis. Also, many governments need to outsource, or at least partner with an outside contractor for help should the systems go down due to a cyber incident. Do you have that arranged so you will have help when you need it? In addition, do you know your critical systems and what you want fixed first? In a crisis, it is easy to get overwhelmed amid pressures to fix everything. You must prioritize how you dedicate resources to restore operations. These are just a few considerations to convince you that a plan is needed!
- Be prepared to operate off-line if needed. If you were to lose access to your systems, can you operate manually while you wait for those systems to be restored? For example, how would you process payroll or make payments to vendors? This requires some forethought and planning.
If you are interested in learning more about ransomware and what you can do to protect your government, here are is an upcoming free webinar sponsored by the National Cyber Security Alliance that we urge you to sign up for:
- OCTOBER 29: Part 2: Why State and Local Governments are Prime Targets for Ransomware: https://staysafeonline.org/event/part-2-why-state-and-local-governments-are-prime-targets-for-ransomware/
For additional resources:
- MS-ISAC Security Primer – Ransomware: www.cisecurity.org/white-papers/security-primer-ransomware/
- CISA tip sheet on ransomware: www.us-cert.gov/Ransomware
- See CIS Control #10 backup and recovery plan: www.cisecurity.org/cybersecurity-best-practices/
- CIS – Want to keep your data? Back it up! www.cisecurity.org/newsletter/want-to-keep-your-data-back-it-up/
- US-Cert data backup options: www.us-cert.gov/sites/default/files/publications/data_backup_options.pdf
- Free employee training (90 minutes) from ESET.com: www.eset.com/us/cybertraining/