Limited resources and lack of training combined makes local governments the target of cybercriminals and vulnerable to attacks
Local governments and taxpayer money are the target of cybercriminals. Limited resources and lack of training combined makes them vulnerable to attack, heightening the urgency, information safety is questionable. Small governments and local agencies generate troves of sensitive information in the course of doing business. But what may be more worrisome is that many towns and agencies are also connected to state networks or infrastructure systems — and local governments’ resources to protect their networks and stored data can vary widely.
Cybercrimes targeting taxpayer dollars are on the rise. The Auditor of the State, Dave Yost is warning treasurers, fiscal officers and others responsible for spending public money that scammers are victimizing local governments and they should be taking measures to protect against become the latest target of cybercriminals.
“We’ve all seen and heard about the criminals who try to steal our personal funds. These scammers would like nothing more than to get their sticky fingers on our tax dollars, too,” Yost said. “We need to be vigilant because they are becoming increasingly sophisticated in how they attempt to steal money through the internet.”
There have been cases of phishing, which involved a link or attachment contained in an email that infected the computer. Some of the attachments launched viruses that take the computer’s data hostage, until a ransom is paid to unlock the system.
“Some of these scam artists can make your eyes deceive you,” Yost said. “You need to be vigilant, especially if a proposed transaction originates from an email. When dispersing funds online, we must verify first, then trust.” The warning from Yost comes after several recent attempted scams as local government becomes the target of cybercriminals, a short list below:
- Early May, the Big Walnut Local School District fell victim to a fraudulent, official-looking email asking for $38,520 to be paid to a vendor. Fortunately, the school district was able to recover the money lost… Other communities have been victimized as well:
- An investigation continues in an eastern Ohio county after the county’s court data was attacked by ransomware on May 31. A virus had encrypted the court’s data and hackers demanded $2,500 for the key to unlock the information. Because a recent copy of the data wasn’t available, the county agreed to pay the $2,500.
- A similar ransomware attempt was made April 5 in Vernon Township (Clinton County). That cyberattack did not result in the payment of any ransom because the township’s data was backed up – a good practice regardless of cyberattacks.
- In Peru Township (Morrow County), the township fiscal officer’s computer began screeching on March 9 before a notice appeared on the screen advising that a solution was available by calling an 800 number. The township paid $200 to stop the attack.
- In Madison County, the Agricultural Society was scammed out of $60,491 through someone posing as the IRS, collecting back taxes. The incident occurred in September.
Public information technology workers researched told the Municipal Research and Services Center that on a scale of 1 to 5, 75% of respondents gave government executives scores less than 3 for their awareness of information security threats. “In the focus groups, it was widely acknowledged that the level of threat is increasing, especially to smaller organizations without the means to defend themselves,” the center said.
One advantage that governments and public agencies do have, Kim said, is they can work together. Public agencies, all face the same problems, work in the same space and can share resources and expertise. They don’t have competition, he said. County’s towns and agencies could all share the same standards and systems for storing their data and operating their networks, all operating using the county’s architecture.