Blog post

Don’t Let the Hackers Win: How State and Local Governments Can Avoid Cyber Attacks with Security Training

Cornerstone Editors

Earlier this year, the city of Baltimore, Maryland, fell victim to a ransomware attack that turned the entire city on its head. A group of hackers took control of all government computers, requesting 13 bitcoins, or approximately $76,280, to release the stolen files back to the city. This event not only cost the city millions of dollars—an estimated $18.2 million in total—it also disrupted various government programs and departments across the city, from phone system interference to halted water bills and property tax payments.

This type of cyber attack isn’t new—and it isn’t unique to Baltimore, either. In fact, there have been more than 100 public sector ransomware incidents reported in 2019 so far, up from 51 in 2018. Beyond devastating economic repercussions, these events put sensitive citizen information at risk. Public sector organizations are especially susceptible because they manage valuable information about their constituents, such as social security numbers and fingerprints.

Cybersecurity Awareness Month may have just ended, but that doesn’t mean you should stop prioritizing security and compliance. While there is no way to guarantee immunity to these incidents, there are steps you can take to protect yourself and your agency.

Ransomware and Social Engineering 101

Before you can prevent a cyber attack, it’s important to determine exactly what it is and how it could impact your organization. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) defines ransomware as "a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid." It is usually spread through phishing emails or unknowingly visiting an infected website.

According to CISA, agencies can take a number of precautions to minimize the risk of a ransomware incident, like ensuring employees regularly update their software and back up data.

Your staff may also be vulnerable to what’s known as social engineering. Unlike ransomware, which relies on access to hardware or software, social engineering relies on hackers exploiting vulnerable employees to gain access to sensitive information about them or their organization. The most common example is phishing, or the act of using email or social media to trick individuals into disclosing.

Implementing a Cyber Security Training Plan

Once you understand the cyber security risks your public sector agency faces, you need to equip staff with the tools to avoid and prevent them. A smart way to do this is to incorporate cyber security content into your compliance initiatives.

In fact, some states have already introduced legislation that requires public sector employees to complete cyber security training. In Texas, for example, this includes employees who perform at least 25% of their job on a computer and local government employees who have access to a municipal computer system and database. Elected and appointed officials must participate as well, regardless of how much technology they use.

Internal leadership and third-party vendors are also developing training programs with course content that covers what Texas’s Department of Information Resources has designated "the principles of information security." The goal? Teach employees how organizational data is stored and educate them about basic cybersecurity threats.

But Texas isn’t the only state investing in these types of programs. Others, including Florida and Louisiana, have adopted mandatory training. Meanwhile, states like Maine and Massachusetts offer voluntary sessions.

Regardless of whether or not your state provides these opportunities, you can take steps to ensure your employees don’t fall for an attack. The National Initiative for Cybersecurity Education (part of the National Institute of Standards and Technology) contains several resources to help organizations implement effective courses. Think about how you can tailor this content to your employees; then, do your research. Determine what type of learning format would best resonate with your workers: Do they prefer to learn on the go? Maybe they respond best to bite-sized microlearning courses. Whatever their preference, find software that meets those needs. After all, a cyber attack could happen to any organization, at any time. Your employees need to be prepared—before it’s too late.

One possible starting point? Cornerstone Content's free cybersecurity classes.

Image: Creative Commons
