No Entity Is Immune To Cyber Attacks
As some of you may have heard, Cleveland Hopkins Airport recently recovered from a computer malware attack. Make no mistake; there are cybersecurity risks for governmental entities just as much as any businesses or nonprofit. It is imperative that entities know how to avoid becoming a victim and what to do if hit with a malware attack.
Listen to episode 41, “The Hacked & The Hacked Nots,” on this episode of unsuitable on Rea Radio.
What Is Malware?
Malware is any software specifically designed to cause damage to a computer, server or network. The damage takes place after it is introduced to a target’s computer and can take the form of executable code, scripts, active content, software and more. There are many different types of malware, and it can infect a computer or system in several ways. The following is just a sampling of the various forms of malware:
- Ransomware – installed on a computer by clicking on links in emails. The program then holds your computer or system hostage by either locking the screen or encrypting the files until the ransom is paid. This is currently one of the biggest threats in the information security industry.
- Virus – infects programs and files that can destroy valuable data or cause irreparable A worm is a virus that spreads to other computers via the network.
- Spyware – created to spy on the victim. Once the hacker secretly implants the spyware on a computer, it gathers information and sends it to the hacker.
- Rootkit – a virus that assists a hacker in remotely accessing or controlling a computing device or network without being exposed.
This is just the tip of the iceberg. There are several other types of malware out there, not to mention the numerous types of phishing scams that lure people into clicking links or visiting websites that then infect their computer.
So What Is An Entity To Do?
The best defense is prevention. Entities need to take a more proactive stance on cybersecurity risks by taking a good look at their systems and work to decrease cybersecurity risks by:
- Properly training all staff such as
- Enforce strong passwords (and never writing them down)
- Educate employee to not open attachments in unsolicited emails
- Remind your team that most companies, banks and agencies don’t request personal information via email
- Regularly backing up all system data
- Investing in good anti-virus software, anti-malware, pop-up blocker, etc.
- Ensuring your operating system, software and firmware are up to date
- Use a phishing filter with your web browser
- Disabling macro scripts with your web browser
- Calling people instead of simply using emails
If An Attack Happens
Even with all precautions taken, your entity could still fall victim. Know the signs:
- Computer, programs and internet connections slow down
- Web browser ceases to work completely on a regular basis
- Computer screen is bombarded with pop-ups of unwanted advertisements
- Unanticipated frequent system or program crashes
- An unexpected decrease in disk space
- Web browser’s homepage has been changed
- Redirection to new websites while trying to access a different website
- Unusual programs and messages keep appearing
- Programs start running automatically
- The anti-virus program is turned off (disabled) automatically
- Friends complaining of receiving strange and irrelevant messages from your email
- Blocked access to your own system and a ransom demanded to regain
Let This Be A Lesson
Cleveland Hopkins Airports got off lucky as flights and security were not affected by their recent malware attack. However, they did experience a power outage, and baggage claim operations were down for almost a week. It was rumored that the issue was ransomware, and the city of Cleveland did not pay. Last year, Atlanta suffered due to a ransomware attack that shut down the city’s computer system and stalled airport operations. The hackers wanted approximately $52,000 in bitcoin. The city of Atlanta did not pay the ransom but did end up spending about $2.6 million to recover from the attack.
Don’t put off protecting your entity and its information. The Ohio Auditor of State has a comprehensive cybersecurity checklist that you should look over. The list provides a wealth of information about how to prepare and what to do (or not do) if a cyberattack occurs at your organization.
By Allie Hinton, CFE (New Philadelphia office)