Earlier this year, the city of Baltimore, Maryland, fell victim to a ransomware attack that turned the entire city on its head. A group of hackers took control of all government computers, requesting 13 bitcoins, or approximately $76,280, to release the stolen files back to the city. This event not only cost the city millions of dollars—an estimated $18.2 million in total—it also disrupted various government programs and departments across the city, from phone system interference to halted water bills and property tax payments.
This type of cyber attack isn’t new—and it isn’t unique to Baltimore, either. In fact, there have been more than 100 public sector ransomware incidents reported in 2019 so far, up from 51 in 2018. Beyond devastating economic repercussions, these events put sensitive citizen information at risk. Public sector organizations are especially susceptible because they manage valuable information about their constituents, such as social security numbers and fingerprints.
Cybersecurity Awareness Month may have just ended, but that doesn’t mean you should stop prioritizing security and compliance. While there is no way to guarantee immunity to these incidents, there are steps you can take to protect yourself and your agency.
Ransomware and Social Engineering 101
Before you can prevent a cyber attack, it’s important to determine exactly what it is and how it could impact your organization. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) defines ransomware as "a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid." It is usually spread through phishing emails or when a user unknowingly visits an infected website.
According to CISA, agencies can take a number of precautions to minimize the risk of a ransomware incident, like ensuring employees regularly update their software and back up data.
Your staff may also be vulnerable to what’s known as social engineering. Unlike ransomware, which relies on access to hardware or software, social engineering exploits vulnerable employees to gain access to sensitive information about them or their organization. The most common example is phishing, or the act of using email or social media to trick individuals into disclosing.
Implementing a Cyber Security Training Plan
Once you understand the cyber security risks your public sector agency faces, you need to equip staff with the tools to avoid and prevent them. A smart way to do this is to incorporate cyber security content into your compliance initiatives.
In fact, some states have already introduced legislation that requires public sector employees to complete cyber security training. In Texas, for example, this includes employees who perform at least 25% of their job on a computer and local government employees who have access to a municipal computer system and database. Elected and appointed officials must participate as well, regardless of how much technology they use.
Internal leadership and third-party vendors are also developing training programs with course content that covers what Texas’s Department of Information Resources has designated "the principles of information security." The goal? Teach employees how organizational data is stored and educate them about basic cybersecurity threats.
But Texas isn’t the only state investing in these types of programs. Others, including Florida and Louisiana, have adopted mandatory training. Meanwhile, states like Maine and Massachusetts offer voluntary sessions.
Regardless of whether or not your state provides these opportunities, you can take steps to ensure your employees don’t fall for an attack. The National Initiative for Cybersecurity Education (part of the National Institute of Standards and Technology) contains several resources to help organizations implement effective courses. Think about how you can tailor this content to your employees; then, do your research. Determine what type of learning format would best resonate with your workers: Do they prefer to learn on the go? Maybe they respond best to bite-sized microlearning courses. Whatever their preference, find software that meets those needs. After all, a cyber attack could happen to any organization, at any time. Your employees need to be prepared—before it’s too late.
One possible starting point? Cornerstone Content's free cybersecurity classes.