, ,

Avoiding Ransomware Horror Stories

Like horror movie monsters, ransomware can seem unstoppable. Seemingly daily, this malicious software disrupts new governments. For victims, choosing between paying attackers and losing data frightens the entire public sector.

How can agencies avoid such terrifying predicaments? At every level, business continuity is key. By strategizing about business continuity, agencies can prepare for – and recover from – ransomware and other interruptions.

On Wednesday, during GovLoop’s latest online training, three government thought leaders discussed how agencies can survive ransomware. The group included:

  • Michael Sherwood, Chief Information Officer (CIO), Las Vegas, Nevada.
  • Kimberly Muhr, Network Analyst for St. Charles Community Unit School District 303, St. Charles, Illinois.
  • Jason Frame, CIO, Southern Nevada Health District.

Wednesday’s speakers shared three tips for helping agencies focus on their constituents and missions rather than ransomware:

1. Never stop moving

Like it or not, ransomware attacks can hit anyone anytime. While deeming ransomware inevitable might seem counterintuitive, this approach can ready agencies for danger so they rebound quickly.

“If you haven’t started planning, start that now,” Frame said. “This is a non-stop process of constant change.”

Continuous learning can help government workforces understand and prepare for ransomware and other cyberthreats.

Frequently testing continuity of operations plans (COOP) can also ensure no one is caught off guard should disaster strike.

2. Vet your vendors

No agency wants to become a ransomware victim for reasons outside its control. To avoid shocks, agencies should carefully consider the technology vendors they leverage.

“Remember the vendors that allow access to your systems,” Muhr said. “A lot of times ransomware attacks may be coming in from an external vendor doing work for you.”

Vulnerabilities can additionally emerge inside agencies. Cybercriminals frequently exploit users’ trust to launch ransomware campaigns.

For example, attackers may send government employees a fake business invoice that appears legitimate. Deceptions like these allow bad actors to seize information from their prey.

3. Make life harder for cybercriminals

Once cybercriminals steal a person’s password or other credentials, proving that user’s legitimacy grows trickier. Multi-factor authentication (MFA) offers agencies a way around this pitfall.

MFA protects assets like data and websites by asking users for two or more items confirming their identity. Typically, MFA demands evidence only the user knows (a birthplace) or has (a random email token). Sometimes, MFA even asks users to prove themselves with unique personal characteristics like fingerprints.

“If your agency is not using multi-factor, you need to get on that right away,” Frame said. “It will stop a lot of these attacks.”

The bottom line

Governments provide more products and services digitally than ever, so readying for ransomware is critical for serving constituents and earning mission wins.

“People depend on these government services for their day-to-day lives,” Sherwood said. “Anytime an organization is impacted by ransomware, it erodes the trust of that community.”

This online training was brought to you by:

Leave a Comment

Leave a comment

Leave a Reply