It seems not a day goes by without a news headline about a cyber attack or data breach. The cyber attacks surrounding companies such as Target or Home Depot have become widely-known news stories. Cyber criminals continue to grow smarter in their ability to infiltrate data and information systems, while companies – both large and small – struggle to prevent these attacks.
Much of the attention in the media focuses on traditional companies. But the public sector – your cities, towns, counties and schools – store an enormous amount of personal, confidential data, and are just as much at risk as a private businesses. And when a public entity faces a cyber attack, it’s the taxpayers on the hook. In Indiana, we need to look no further than Madison County, where cyber criminals attacked the county’s computer network with ransomware. This cyber attack paralyzed the 911 call center, the jail, and other crucial public services. Ultimately, a ransom was paid and services and data restored, but not until after a cost of more than $200,000.
So what should public sector leaders do about this growing threat?
- Recognize you’re not immune. Your school district, your city, town or county, is not immune simply because you are a public organization. Cyber criminals attack the vulnerable, regardless of industry or organization size.
- Assess the depth of your exposure. Do you accept credit card payments for water or sewer bills? How is that information collected and stored? Does your school’s central office store thousands of confidential health records and personal information of your students? Of course it does. These are just a few of the possible areas of concern.
- Commit to prevention. In the face of shrinking local government budgets, perhaps your IT department has been cut in recent years. This may not be the wisest area for trimming given the growing risk. You may need to commit additional resources, including outside expertise.
- Have a financing mechanism in place. Despite your best efforts to recognize, assess and prevent, attacks can still happen. Make sure your insurance policies properly address the depth of your cyber risk. Cyber insurance is not standardized or created equally. Know what you have, so your taxpayers aren’t left holding the bag.
Not confident in the risk management plan for your public entity? Reach out to your MJ consultant or contact Ryan Goodwin at 317.805.7500 or firstname.lastname@example.org.