Ransomware and phishing attacks continue to make headlines and disrupt local government operations. Recently, 23 local governments in Texas were hit with a string of coordinated ransomware attacks. This is in addition to recent attacks in Florida, Louisiana, Georgia, and Maryland.
Ransomware and phishing attacks present not only a potential financial loss in terms of paying a criminal, but also include the potential loss of data, disruption of operations, cost of repairing and restoring systems, and the reputational risks associated with the loss of trust.
October is National Cybersecurity Awareness Month (NCSAM), a time to raise awareness about the importance of cybersecurity and the importance of taking proactive steps to enhance cybersecurity.
The theme of this year’s observance is: Own IT. Secure IT. Protect IT.
There are numerous resources and articles to review when observing NCSAM, including a 2019 Cybersecurity Toolkit released by the Public Risk Management Association (PRIMA). Their toolkit is focused on five areas: Social Media Safety; Phishing Threat; Safely Obtaining and Storing Data/Information from the Public; eCommerce Risk: Protect Your Transactions; and Preparing for and Responding to a Cyber Attack.
VRSA’s Chief Information Officer Karen Inman and VRSA Director of Member Services Marcus Hensel recently shared two blog posts on the subject of cybersecurity, including Should you pay a ransom?, and Breaking down cyber insurance and resources available.
In each of these resources, you will find that the number one recommended way to mitigate losses due to cyber-attacks is to have appropriate controls in place and by training your employees.
Fortunately, VRSA provides a number of training and educational resources for members to use.
On Wednesday, Nov. 6, VRSA members are invited to join staff for a Cyber Roundtable to discuss data and security challenges faced by public entities. VRSA staff will facilitate an open discussion and provide quick presentations on: VRSA Cyber Coverage and technical controls; physical site assessments; and awareness and training.
VRSA members purchasing Cyber Liability Coverage have access to risk management support through YourCISO. Through YourCISO, organizations can identify strengths, weaknesses and gaps in your information security through the YourCISO Security Health Check.
This comprehensive analysis tool takes a broad approach to identify gaps in your security operation by assessing: access control and operations security; physical security; systems maintenance; compliance; business continuity management; suppliers; and more.
The tool provides a score for each section, as well as an overall risk score and gap report to identify areas where security can be strengthened. Identifying gaps is the first step toward further securing your data systems.
Key benefits include:
- Security Health Check to benchmark your organization’s cyber risk;
- Awareness training;
- Security program sample documentation and policies; and
- Incident response.
Eligible VRSA members can access YourCISO here.
VRSA also offers a number of online courses, recorded webinars and other training materials to assist your organization in providing training to staff.
Beazley Breach Solutions
Additionally, eligible VRSA members have access to Beazley Breach Solutions, a risk management portal providing resources that help you prepare for and respond to cyber threats. Beazley provides:
- Clear, practical guidance on effective incident response and business continuity planning, with easy-to-adapt templates;
- Practical discussion of fundamental IT security controls, and best practices for specific threats like ransomware and business e-mail compromise; and
- Beazley Privacy Builder, a toolkit to develop and improve your data privacy and security program.
Additionally, Beazley provides resources to:
- Train employees on identifying potential threats – such as phishing, malware, mobile and wifi security, identity theft, and more;
- Live Cybercrime Spotlight webinars on emerging threats;
- Breach trends and security alerts; and
- Sample policies and live webinars on legal and regulatory changes.
Cyber-attacks are only expected to increase in the future. The time to prepare staff for these attacks is now. For more information on VRSA’s Cyber Coverage and resources, contact VRSA Director of Member Services Marcus Hensel at: 800-963-6800.