Baltimore, Atlanta, San Diego, Newark, Colorado, Los Angeles, San Francisco, Cleveland.
These are just some of the state and local governments that have been crippled by ransomware attacks in the last two years. And, according to Mike Christman, former head of the FBI’s cybercrime unit, “[w]e should prepare for the possibility of a major city’s 9-1-1 system being held hostage” in the near future.
But while the odds seem to be stacked against municipalities, Tom Pace, Vice President, Global Enterprise Solutions & Analyst Relations at Blackberry Cylance, says there are some straightforward steps that cyber teams can take to avoid becoming the next victim. In a recent interview with CBS’s Scott Pelley and 60 Minutes producer, Henry Schuster, Pace shared the advice he typically gives to Blackberry Cylance’s clients.
Strategy 1: Do a Reality Check on Your Email
Phishing attacks launched via email are the most common vector for ransomware attacks, it’s therefore essential for all state and local government employees to be able to identify the hallmarks of a phishing email. “Look for misspelled words, or strange phrases,” shared Pace. “Also, be cautious about clicking on links in emails from people you don’t know,” he continued. “Even if you do know the sender check links for misspellings of a company name, or other subtle irregularities.”
Strategy 2: Don’t Click on the Attachment
In the same vein as the first strategy, Pace cautions against opening email attachments unless you’re expecting them from a trusted source. “If you do receive an unexpected attachment, even from a trusted source– especially a PDF, zip file, or .exe – email the sender to ask if they sent a file,” Pace advised.
Strategy 3: Patch, Update, Repeat
Pace’s third strategy – to patch, update, and repeat – is a first principle for cyber security professionals but one that can never be repeated too often. When a software provider or OEM releases a patch or update, install it right away, whether it’s for a desktop, laptop, or phone, Pace advises, since this is the easiest way to avoid becoming ground zero for a ransomware attack. For those who are responsible for cyber safety and security of municipal networks a ransomware attack is, according to Pace, “the worst day of their professional lives.”
With more and more ransomware readily available as “off-the-shelf and ready to go,” according to Pace, it’s more important than ever to practice good cyber hygiene. While every state and local government agency should expect to be attacked, there’s no reason that this attack should be successful. With a few smart strategies, state and local government agencies can not only avoid paying the ransom and the uncomfortable headlines but can also avoid sending their employees back to the “age of paper” and continue to deliver the services that citizens need.