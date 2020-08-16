Last year, the city of Pascagoula—like many other cities around the country—suffered from a “ransomware” attack. Hackers took over city computers and locked employees out of their data and email. Phone lines were disrupted. Police officers had to begin working on pen and pad. If city officials wanted access to their computers again, the hackers said the city would have to pay a ransom.
When this happens, there is often little a local government can do to regain access to their system, aside from paying. The ransom might be in the millions, with taxpayers left holding the bill.
In today’s technical world, information is almost exclusively stored digitally, whether it be on workstations, servers, the cloud, a phone, or any number of storage devices. Hackers have realized there is a benefit for causing harm to organizations like local governments. Employees’ personal information is likely stored on the computers. For a government office, the personal information of some of your constituents will likely be on the computers.
Fortunately, the city of Pascagoula was able to, thanks to their IT experts, avoid paying the ransom and limit much of the damage to their system. But it does not always work out that way.
If you fall victim to one of these attacks, you could open your office up to lawsuits and be forced to pay to rebuild your computer network. To help you avoid this situation, here are some best practices to ensure that your office’s computers, as well as your personal computer, remain protected:
• Change your passwords every 90 days. Passwords should be long and contain a combination of upper and lower case letters, numbers, and special characters such as !, $, and &;
• Do not write your passwords down and leave them in a place that is easily accessed, like a “sticky note” next to your computer;
• Make sure your computer requires you to login when it starts. This prevents someone from finding your computer and being able to auto login;
• Do not open emails from people you do not know;
o You can often identify when an email is falsely claiming to be from someone you know by looking at the email address of the sender for spelling mistakes. For example, you receive an email claiming to be from your friend John Doe. When you look closely at the email address of the sender, though, you notice the email misspells John’s name. It’s spelled jon.doe@yahoo.com. This is a sign someone is pretending to be John;
• Do not click links or attachments in emails from people you do not know (this is the number one way hackers get access to your system);
o You can verify where a link in an email will take you by taking your mouse and hovering over the link. Do not click. You will see the address where the link will take you. If the destination looks suspicious, delete the email;
• Consult with an IT professional and adopt computer security policies for your business or government office. Make sure all employees adhere to the policy’s requirements;
• Never leave storage devices, such as flash drives and external hard drives, where they can be stolen;
• Ensure that those storage devices are encrypted and require a complex password;
• Never provide your computer or email password to any website;
• Never share your username, password, or any identifiable information to any person that asks for it;
• Never share any network credentials, like WIFI passwords, with anyone outside of your organization or family; and
• Never give anyone access to your computer without consent from your organization’s technology department. This includes remote access and direct access.
As State Auditor, I work hard to ensure that the state’s public money remains safe and secure, but my dedicated staff and I cannot do it alone. We need your help. Please consider these safety tips. Don’t put your office at risk. Don’t put the taxpayers on the hook because you clicked on a bad link. Don’t risk all the data on your computers. A little prevention can go a long way.
SHAD WHITE is the 42nd State Auditor of Mississippi