{"id":4898,"date":"2022-12-08T02:29:26","date_gmt":"2022-12-08T02:29:26","guid":{"rendered":"https:\/\/cmitsolutions.com\/clear-lake\/?p=4898"},"modified":"2023-02-01T17:52:41","modified_gmt":"2023-02-01T23:52:41","slug":"how-bad-can-a-data-breach-be","status":"publish","type":"post","link":"https:\/\/cmitsolutions.com\/clearlake-tx-1106\/blog\/how-bad-can-a-data-breach-be\/","title":{"rendered":"How Bad Can a Data Breach Be?"},"content":{"rendered":"<h2>Lessons Learned from a Recent Ransomware Attack<\/h2>\n<p>Data breaches affect businesses of all sizes, in every industry, across North America. But one sector that\u2019s been particularly impacted is government, from local to county to state. These institutions often struggle to respond to ransomware infections, system intrusions, and cyberthreats, leading more hackers to target them.<\/p>\n<p>In fact, since 2017, more than 3,600 local, tribal, and state governments have been hit by ransomware, according to the Multi-State Information Sharing and Analysis Center, part of the nonprofit Center for Internet Security. One recent example stands out and demonstrates just how bad a data breach can be:<\/p>\n<p>On September 8, in Suffolk County, on the easternmost end of Long Island, New York, antivirus software alerted county officials to a problem with online systems connecting more than 20 county agencies. That prompted a shutdown of everything from police department databases to tag and title systems, bringing online payments, email communications, and real estate transactions to a halt.<\/p>\n<p>The attack was carried out by a well-known hacking organization called BlackCat, or ALPHV, which is notorious for stealing data from companies around the globe and threatening to sell it on the dark web if a ransom isn\u2019t paid for its return. 
The hackers claimed to have stolen four terabytes\u2019 worth of personal information, including court records, driver\u2019s license numbers, and bank account details.<\/p>\n<p>To deal with the hack, Suffolk County made an unusual decision: \u201cWe were just going to turn off the Internet to further contain this,\u201d Lisa Black, chief deputy executive for Suffolk County, recently told The New York Times. \u201cWe were going to revert to 1990.\u201d That meant replacing wire transfers with hand-signed paper checks, sending government documents by fax instead of email, and even transcribing 911 calls by hand\u2014all while county staff tried to manually clean infected computers and restore lost files.<\/p>\n<p>Some emergency systems came back online in October, but other parts of Suffolk County operations remain hobbled nearly three months after the original hack. Title searches for home sales are still being conducted on 125 replacement terminals sent to Suffolk by the state of New York. Just before Thanksgiving, the county admitted that personal information from nearly 500,000 traffic tickets had been leaked, and it\u2019s still impossible to pay those tickets either in person or online. Email accounts for county employees were finally restored, but archived messages had disappeared. And the county comptroller still has to sign checks by hand.<\/p>\n<p>Many cybersecurity experts said that Suffolk County had failed to proactively prepare for such a scenario. Earlier this summer, the outgoing county clerk had asked for a dedicated firewall to protect vulnerable data, but her request was rejected. But others argued that these types of hacks were difficult to rebuff, pointing out that even global corporations often fell victim to coordinated ransomware attacks. \u201cAt the local government level, you don\u2019t have the resources or ability to respond to what amounts to [a] nation-state style attack,\u201d Michael A.L. 
Balboni, president of a consulting firm hired to help Suffolk County respond, told The New York Times. \u201cAnd it\u2019s unrealistic to expect them to.\u201d<\/p>\n<p>Still, there are steps that every company can take to be better prepared for the inevitability of a digital attack. Below, CMIT Solutions collects seven tips that can help businesses across North America increase their cybersecurity protections and respond to cyber incidents.<\/p>\n<p><strong>1. Implement multi-factor authentication (MFA).<\/strong>\u00a0This can serve as the first line of defense against system intrusions that take advantage of stolen or weak passwords. MFA is an authentication method that requires a user to combine something they know (a password) with something they have (a unique code delivered via text or email, or a push notification to a mobile device). A standard in the business world, MFA has been slower to roll out for local government agencies like those in Suffolk County.<\/p>\n<p><strong>2. Update legacy software and hardware.<\/strong>\u00a0Like many local governments, Suffolk County was still conducting many critical operations on outdated platforms that they had yet to modernize. After the September attack, the county increased its 2023 operating budget by $9 million to fund upgrades and cybersecurity measures. But that might qualify as too little, too late since many digital operations could not be moved to more secure or updated applications. Often, simply neglecting to install a critical software update can lead to cybersecurity problems. Taking a proactive approach means deploying patches and updates automatically and during off hours when they won\u2019t affect employee productivity.<\/p>\n<p><strong>3. Enhance system monitoring.<\/strong>\u00a0Suffolk County\u2019s antivirus software did its job by alerting executives to the ransomware attack once it started. But more robust protections could have blocked the infection from ever taking root. 
Such protections include intrusion detection tools like SIEM\/SOC that can identify vulnerabilities before they\u2019re exploited; network traffic analysis that can recognize indicators of suspicious activity; and advanced firewalls to provide stronger security for sensitive data.<\/p>\n<p><strong>4. Increase email protection.<\/strong>\u00a0Employees looking for phishing attempts or suspicious messages are no longer enough. Instead, enhanced email monitoring can automatically detect dangerous links or illicit attachments, quarantining questionable messages in sandboxes for further review. Automated tools can also flag emails that may appear legitimate but actually contain misspelled domain names or poorly written subject lines, altering email rules to prevent them from ever landing in your inbox.<\/p>\n<p><strong>5. Keep track of unused devices, ports, and endpoints.<\/strong>\u00a0Local government agencies and small businesses often struggle to offboard departing employees and deactivate old or unused devices. But these can represent easy targets for hackers. A trusted IT partner can help you monitor device activity and detect irregularities to prevent unauthorized access. Remote Desktop Protocol (RDP) also deserves a close watch, as this common tool used in today\u2019s hybrid workplace can be exploited to infiltrate a user\u2019s computer and change administrative settings, which can lead to hacks.<\/p>\n<p><strong>6. Prioritize data backups.<\/strong>\u00a0One way to mitigate ransomware attacks is to have reliable, remote, and redundant data backups that can be recovered and installed on systems after they\u2019re wiped clean. Free consumer solutions like Google Drive and Dropbox aren\u2019t enough for most businesses, either; cloud-based enterprise backups are a must. 
Testing those backups before an emergency strikes is critical, as well\u2014to ensure that they\u2019re functioning properly and to know how to quickly restore that data in the event of a manmade or natural disaster.<\/p>\n<p><strong>7. Suspect you\u2019ve been hacked?<\/strong>\u00a0Call an IT provider immediately. Quick action can often minimize the impact of a data breach or ransomware infection and contain the spread before it affects interconnected systems. If you see a message claiming to have encrypted your files, or you think you\u2019ve been breached, shut down your computer immediately and unplug it from all Internet connections and local networks. If needed, a cybersecurity expert can help you modify your company\u2019s public IP address so that any information shared on the dark web is no longer connected to your current system settings.<\/p>\n<p>CMIT Solutions is committed to helping clients of all sizes to prepare for and protect against data breaches and ransomware infections. We work with local governments, mom-and-pop shops, and multinational corporations alike to defend data, secure networks, and empower employees to work productively and efficiently.<\/p>\n<p>Are you concerned about rising threats or worried that your information has been compromised? 
Are you unsure about your company\u2019s level of cybersecurity protection or proactive planning?\u00a0<a href=\"https:\/\/cmitsolutions.com\/clearlake-tx-1106\/contact-us\/\">Contact CMIT Solutions today<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Lessons Learned from a Recent Ransomware Attack Data breaches affect businesses of&#8230;<\/p>\n","protected":false},"author":77,"featured_media":4954,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[],"class_list":["post-4898","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-quick-tips"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cmitsolutions.com\/clearlake-tx-1106\/wp-json\/wp\/v2\/posts\/4898","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cmitsolutions.com\/clearlake-tx-1106\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cmitsolutions.com\/clearlake-tx-1106\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cmitsolutions.com\/clearlake-tx-1106\/wp-json\/wp\/v2\/users\/77"}],"replies":[{"embeddable":true,"href":"https:\/\/cmitsolutions.com\/clearlake-tx-1106\/wp-json\/wp\/v2\/comments?post=4898"}],"version-history":[{"count":0,"href":"https:\/\/cmitsolutions.com\/clearlake-tx-1106\/wp-json\/wp\/v2\/posts\/4898\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cmitsolutions.com\/clearlake-tx-1106\/wp-json\/wp\/v2\/media\/4954"}],"wp:attachment":[{"href":"https:\/\/cmitsolutions.com\/clearlake-tx-1106\/wp-json\/wp\/v2\/media?parent=4898"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cmitsolutions.com\/clearlake-tx-1106\/wp-json\/wp\/v2\/categories?post=4898"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cmitsolutions.com\/clearlake-tx-1106\/wp-json\/wp\/v2\/tags?post=4898"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","te
mplated":true}]}}