What We Are Riffing About!

SmartCitiesDive: Cybersecurity risks spike as COVID-19 forces city staff to go remote

Check out Accela in the article below!

By Chris Teale

SmartCitiesDive – April 6, 2020

Working in the public sector requires a sense of socialization not always seen in private sector industries. City residents are often dependent on government officials for in-person services, engagement and acts of leadership, while systems, schedules and work policies are designed for staff to serve these in-person needs.

Now, an outbreak of the new coronavirus (COVID-19) has sent those expectations and working policies out the window. For some cities, a sense of significant cybersecurity may have gone with it.

Recently updated data from the U.S. Bureau of Labor Statistics found only 15.2% of local government employees regularly worked remotely from 2017-2018. Today, cities are seeing an unprecedented spike in that number as workers move to their home offices to abide with shelter-in-place orders and social distancing mandates. And as employee devices are more dispersed, cities become increasingly vulnerable to cyberattacks.

The challenge of protecting systems amid the pandemic is further complicated by a lack of internal IT staffing or resources from the jump. Many cities, especially those small- and mid-sized, have long struggled to build a secure arsenal of digital resources and staff due to limited budgets and resources

While it may be difficult for city IT professionals to enforce security protocols with a dispersed workforce, employees must prioritize vigilance against the kinds of hacks that have crippled cities like AtlantaBaltimore and New Orleans. If just one employee opens a phishing email, the results could be costly, according to cybersecurity experts.

Distributed devices create more vulnerabilities

Even before the current pandemic, the likelihood and scale of cyberattacks on state and local governments had been intensifying.

The economic impacts of these attacks, especially ransomware attacks, can be severe. After New Orleans was hit with a ransomeware attack in December 2019, the city spent more than $7.2 million in recovery in just one month, with insurance only expected to cover about $3 million of those total costs. Officials said it could take until fall 2020 to fully restore its computer systems.

The debate of if cities should or should not pay ransom to hackers has been divisive. During the U.S. Conference of Mayors’ Annual Meeting in July 2019, more than 200 mayors signed a resolution to not pay ransom in the event of a cyberattack. Yet a March report from Deloitte said some cities may find paying hackers to restore their systems as the “only logical solution” when compared to the costs of self-recovery.