VIEWPOINT: Stay Alert: Government & School Orgs Targeted by Cyberattacks

What do Huber Heights, Ohio (population 43,439), Cullman, Alabama (population 14,775) and Scotland, Connecticut (population 1,576) all have in common? Yes, they represent a cross-section of “small town America.” They also were all victims of costly cyberattacks in 2023. Unfortunately, these municipalities are not unique in their experience with cybercrime. In 2023, government organizations and […]

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

What do Huber Heights, Ohio (population 43,439), Cullman, Alabama (population 14,775) and Scotland, Connecticut (population 1,576) all have in common? Yes, they represent a cross-section of “small town America.” They also were all victims of costly cyberattacks in 2023. Unfortunately, these municipalities are not unique in their experience with cybercrime. In 2023, government organizations and schools across the nation experienced financial loss and disruption of life-saving services, including first responder services, as a direct result of cyberattacks, such as ransomware, phishing, denial of service, and business email compromise. Municipal services are a key part of America’s critical infrastructure which makes them all high-value targets for cyber criminals. It is imperative that local-government officials not only understand the unique risks these attacks pose, but also how they can protect the vital services as smaller entities with limited budgets and staffing. Here are a few ways a municipal organization can improve defenses and become a harder target: Monitor your accounts daily. It seems simple, but daily checks can help you identify suspicious activity early. The sooner a breach is discovered, the quicker you can engage your banking institution to start its processes and prevent further loss. Time is also important in some cases where fraudulent charges only have a 24-hour window to be returned. Implement digital fraud controls on your bank accounts. The majority of cyberattacks on government entities are motivated by financial gain. Manual vigilance is a good first step, but that alone isn’t enough in an ever-changing sophisticated criminal world. Technological solutions, like Positive Pay, protect municipal accounts from many types of check and ACH fraud, and are essential for any government. Make sure your cyber-insurance and crime policies are adequate. The vast majority of businesses and government entities cannot effectively recover from cyberattacks without the incident-response expertise, breach management services and financial security of properly designed cyber and crime-insurance policies. If you don’t have one of these policies, reach out to your insurer and learn more about securing one. If you do, have a discussion to ensure your coverage is adequate. Engage your financial institution’s information security and fraud risk teams. Information sharing is key to defeating cyber criminals. Leverage free resources. The following free resources will help you assess cyber risk and prioritize controls to implement: • State, Local, Tribal, and Territorial Government Coordinating Council | CISA — The Cybersecurity & Infrastructure Security Agency (CISA) has numerous resources dedicated to assisting state, local, tribal and territorial governments to improve cyber defenses. • Getting Started | NIST — The National Institute of Standards (NIST) Cybersecurity Framework (CSF) is a popular cybersecurity risk-management framework with ample resources to help you improve your overall cyber risk-management strategy. • CIS Critical Security Controls (cisecurity.org) — A prescriptive, prioritized, and simplified set of best practices that you can use to strengthen your cybersecurity posture, aligned with the risk-management practices in the NIST Cybersecurity Framework (CSF). The unfortunate reality is that the question is not if a cyberattack will happen to your municipality; it is when. By taking the time to ensure you have the appropriate prevention tools in place, you can help mitigate the costly and concerning impacts to your residents.
Brendan Baxter is senior VP for public sector business development at NBT Bank.
Brendan Baxter: