From big cities and small cities to school districts and beach towns, more than 40 municipalities have been the victim of a cyberattack this year. The New York Times described the season that ended on Monday as a “summer of crippling ransomware attacks” that should prompt municipalities to re-examine their cybersecurity practices. Through these targeted acts of extortion that pose as innocent or legitimate emails, hackers gain access to digital municipal records or files, encrypt them to lock out authorized users, and demand payment for their release. It’s often less expensive to pay the ransom than to scrub databases and rebuild servers. One city in Northern Florida paid the ransom demand of $460,000 in Bitcoin, a cryptocurrency. And a school district on Long Island paid nearly $100,000 to restore data that was infected with a ransomware virus.
In late July, the New York State Department of Education notified districts of cybersecurity threats, urged districts to work with state agencies, and requested that major school systems and information hubs take state data repositories offline to scan for vulnerabilities. In August, the Department of Homeland Security reminded cities, towns and districts to back up data, keep it offline and perform regular software updates to bolster defense.
In light of events, we advise our municipal and school district clients to have full-scale compliance and data protection programs in place. If your cybersecurity approach needs a refresher course this fall, our team of municipal attorneys work closely with our cybersecurity protection and response practice group. We are happy to connect you with our firm’s cybersecurity compliance affiliate, Caetra.io, to help you demonstrate compliance and mitigate risk.
We hope your back-to-school season unfolds smoothly and securely.