How to Build a Culture of Cybersecurity

After the city of Atlanta suffered a major ransomware attack earlier this year, other municipal governments have started confronting a serious question: how will they respond if a cyberattack occurs? Scott Tousley, a cybersecurity director for the Department of Homeland Security, recently called the Atlanta incident “one of those red blinking lights that people talk about — it’s a warning bell.”

Tousley added that a number of factors make future attacks more likely and up the ante on how cities big and small should react. With mobile technologies expanding, Internet of Things-connected devices proliferating, and so much data being collected in this privacy-obsessed day and age, future challenges will arise.

The city of Houston recently approved the purchase of $30 million in cyberinsurance, which in the event of an attack can cover crisis response, recovery of losses, and the satisfaction of legal claims. City of Atlanta officials have also begun talking about the lessons they learned from the incident, which affected hundreds of internal and customer-facing online services.

The biggest lesson, according to Ria Aiken, Atlanta’s Director of Emergency Preparedness, is that the city has prioritized the adoption of a “culture of cybersecurity” that can meet today’s threat landscape: “We know that what we think we’re planning for today may look different coming down the road,” Aiken told SmartCitiesWorld.com.

So how can you build a “culture of cybersecurity” at your business?

• Perform a cybersecurity assessment.

This inventory of information systems can help your business focus on the locations of and access to sensitive data. Then, a risk assessment can be performed to identify threats and vulnerabilities that are relevant to those specific data elements. User access reviews can ensure no former employees or bad actors are currently in your system — and that you’re not paying for access you’re not using. More importantly, such an assessment can allocate the correct access to the relevant data for the right people in your company.

• Implement comprehensive network security.

CMIT Solutions’ philosophy on IT service is proactive, not reactive: we monitor our clients’ systems 24×7 so that we can identify, prevent, and resolve issues before they affect productivity, efficiency, and security, not after they’ve already incurred downtime. From firewalls to anti-virus, anti-spam, and anti-malware software to data encryption to content filtering and other targeted tools, we believe the “umbrella” approach gives businesses the best chance to stay secure.

• Be diligent about email attachments and links.

There’s no easier way for hackers to access your information (including usernames and passwords — the holy grail of social engineering attempts) than through malware installed after a user opens an infected email attachment or clicks on a link that redirects to suspicious sites. The main takeaway here is DO NOT CLICK ON ANY EMAIL ATTACHMENT OR EMBEDDED LINK UNLESS YOU TRUST THE SENDER OR SOURCE AND ARE EXPECTING SAID ATTACHMENT OR LINK.

• Take password management seriously.

This goes beyond simply creating strong and unique passwords that use a random mixture of upper- and lower-case letters, numbers, and symbols. It also includes smart management of the passwords you create: using two-factor authentication whenever possible, employing a password management tool, and monitoring social media accounts and email addresses (especially those you don’t use very often) for unusual activity. Training employees is important, too: the first line of security almost always lies with the people your business employs and the devices they use day in and day out.

• Treat your data like the life of your business depends on it.

Guess what? It probably does. How long could your business operate without its critical information? How quickly would you need it to be recovered to bounce back from a catastrophic event? Studies show that backup and disaster recovery is integral to business success: the Small Business Administration estimates that 45% of companies that suffer from data loss never recover. Maintaining the security of your data is one thing; making sure it’s around to be kept safe is another. Without a redundant and repeatable process for regular data backups, you’re flying blind with your company’s most valuable asset. Backing up your data on a regular basis, then implementing recovery and virtualization plans in case of disaster, can provide 100% protection for your information.

• If you’re in an industry like health care, legal, or financial, the smallest breach could have significant civil and criminal ramifications — and cost your company big money.

The 2018 Ponemon Data Breach report revealed that the average loss per compromised record for the technology industry was $165, while in financial services it was $245. In health care, the average cost of a compromised record was $380 — and that’s per record or person whose data is breached. Multiply that, say, by the 41 million accounts compromised in the Target data breach and you’ll see why cities like Houston are investing in cyberinsurance.

Comprehensive data security is difficult to achieve, but in this day and age, it’s more important than ever. From desktop and laptop computers to mobile devices and data storage drives, your technology deserves overall protection. If you want to know more about the recent wave of data breaches and how it affects you and your business, contact CMIT Solutions today. We worry about IT so you don’t have to.