Cybersecurity Attorney Offers Advice on How to Avoid Attacks
David Rice, Partner, Miller Nash
Of the multitude of cyber threats targeting cities, counties and other government agencies, fraudulent instruction, data breach and ransomware make up most of the claims filed with CIS. Phishing scams, in particular, are increasingly problematic, and trick email recipients into clicking on links that lead to malware that can cripple websites and other operating systems.
David Rice, a partner with the law firm of Miller Nash who specializes in cybersecurity among other practice areas, said he often works with clients who have received emails that appeared to come from a regular vendor, but the address was altered slightly. The difference in the email address was not noticed until it was too late. “Sometimes that can lead to misdirected wire transfers,” Rice said. “Government agencies are paying a lot of vendors and they also store a lot of data, so they are targets for hackers.” “The biggest risk, in many cases, is not someone actually hacking into a system,” Rice added. “It’s typically individuals who are under great pressure, are doing a great job and click a wrong link because they didn’t look closely enough to ensure it came from the right person instead of someone impersonating someone else.” Rice said his first piece of advice for clients and others is to take stock of what their risks are. These include identifying what kind of data they have, how they store
it and how they share it. Private information encompasses health records, financial statements and elections records, among other sensitive data. “You need to have systems in place where your protections align with the risk,” he said. Options range from firewalls and other software that block malware to limiting access to data on a need-to-know basis to limit access to hackers. Multifactor authentication is another effective strategy that is being implemented by a growing number of organizations. Rice emphasized that ongoing trainings with staff are essential to keep everyone informed about the latest threats. “Security is not just an issue for the IT department to deal with, it’s really everyone’s role,” he said. “In addition to doing all the training, it’s important to do frequent backups so, at a minimum, you’re not losing access to mission-critical data.” Rice acknowledged that while larger entities generally have the resources to beef up cybersecurity, smaller ones often struggle to stay up to date. “That’s a real challenge because everyone wants to do the right thing, but in a government’s budget there are a lot of programs that need money. The need for this is growing and the number of people listening is increasing, but it still costs money,” he said. He suggested that local governments make the most of the resources that are available, and communicate with each other to create a comprehensive network of information.
Second Quarter 2022
LOCAL FOCUS 23