From the Trust Perspective: Cyber Liability: Am I at risk? 

By Bob Haynes,
NCLM Associate Director, Risk Management Services

Did you know that identity theft is the fastest growing crime in the US and will affect 1 in 20 Americans a year? More than 1,000 viruses are created each month. A study by Verizon Communications identified public entities as the No. 1 target of hackers in 2013. While the ranking may be driven by agency reporting requirements, it’s clear municipalities have a risk exposure in this area that should be managed. We are certainly hearing more and more about cyber risk, including phishing, identity theft, malware, security breaches from hackers and even employee mistakes.

The Target breach taught us that even if our own systems are secure, cyber criminals may get in by hacking one of our vendors, an HVAC vendor in the case of Target. The South Carolina Department of Revenue breach occurred after an employee clicked on an email containing malware that was not detected until several weeks later, allowing the cyber criminals plenty of time to steal data.

Municipalities house personally identifiable data on their employees, customers or citizens. They also may share this data with others. A risk management plan should be in place to both avoid a breach and respond to a breach.

An effective first step in avoiding a breach is providing security awareness training for your employees. Below are some security tips as recommended by Agio, a security consulting firm:

Workstation Tips:

  • Install active anti-virus and keep it current
  • Apply Microsoft and third-party software security updates
  • Do not install unauthorized/free software without IT approval
  • Include at least 8 characters for passwords, use capital and lower case letters, numbers and symbols
  • Change your password every 60-90 days
  • Lock your computer when you leave your work area
  • Do not store or email your passwords (passwords in your desk or under the keyboard are not secure and email is not encrypted)

Mobile Device Tips:

  • Install anti-virus and remote wipe technology on your mobile devices, but research them to make sure you’re loading authentic software
  • Scanning a QR code is like clicking a link. Use Norton Snap, which automatically scans QR codes and lets you know if they’re safe
  • Only scan QR codes that are printed on the item or marketing material -- don’t scan stickers
  • Don’t store sensitive data on your mobile devices

Email Security:

  • Keep personal email personal. Use work email only for work purposes.
  • Don’t open a suspicious looking email. If you didn’t expect an email, don’t open it and never open attachments from unexpected sources
  • If you suspect a phishing email (an email from what appears to be a legitimate source), delete it if you are not a customer of the site, and don’t click on the link or reply. If you are a customer, call the organization or type in the official URL (don’t click on the link).

Remember, information security is everyone’s responsibility. Following these and other guidelines will significantly reduce your risk.