The 1,500 or so users connected to the Hall County computer network can be both the “biggest threats” and the best “security officers” when it comes to cyber threats, Management Information Systems Director James Thomas said.
“With a little training, they pick up a lot of stuff,” he said. “We capture a lot of stuff that’s coming that never makes it through our web filters and our firewall.”
In the wake of last month’s Atlanta ransomware cyberattack, Thomas and the county sent a message to all employees to not open any unknown links or attachments and offered other advice on protecting the county’s server.
“On a daily basis, we get sometimes over 100 different suspicious emails where the employees sent them in to us,” Thomas said.
Atlanta officials announced March 22 the city had faced an attack meaning “some city data (was) encrypted and customers (were) not able to access city applications,” according to a notice on the city’s website. Some city services were restored the following week.
Ransomware is malicious software that encrypts writeable data, and only the attacking party knows the decryption key. The attacker demands payment to unlock the files.
In the last few weeks, Gainesville city IT manager Jonathan Reich said there is a new campaign underway for additional user training.
“With the recent information that’s come out, we felt it important to do another one now,” he said.
From orientation, county employees go through training from the U.S. Department of Homeland Security meant to teach them vigilance about what they encounter online.
“It teaches them to look for phishing emails, malware (and) stuff like that, because most of these penetrations of (a) network occur through an email or through a link of some type that comes through an email. And once you click on it, you’ve got a problem,” Thomas said.
Reich said training is held quarterly on subjects about identifying ransomware and protecting yourself from online manipulation. New employees get added to the latest round of training.
“We found that every quarter is kind of enough where we give a good reminder and reinforcement of safe internet activity or computer cybersecurity safety, and between every quarter it’s enough for them to not be overwhelmed,” Reich said.
According to the U.S. Department of Homeland Security, there were more than 4,000 ransomware attacks on average that occurred daily since Jan. 1, 2016.
“This is a 300 percent increase over the approximately 1,000 attacks per day seen in 2015,” the department said in a memo.
The department advised isolating the infected computers, securing backup data, contacting law enforcement and changing passwords after removing the system from the affected network.
“Paying a ransom does not guarantee an organization will regain access to their data,” according to the department, which said some individuals or organizations were never provided with decryption keys after paying the ransom.
Some victims were targeted again, and others may get asked to pay more than the original ransom.
Hall County and Gainesville are part of the Georgia Chapter of the Government Management Information Sciences through the University of Georgia’s Carl Vinson Institute of Government.
“If we have a problem, we put it right there on Georgia GMIS, and you will get an answer to it. Or you can share information right there on that website,” Thomas said.
Hall County’s last external assessment came around 2011, and the county is scheduled to have another one this year.
“Now with everything going on with Atlanta and stuff like that, I want to have one today, but you have to schedule one now,” Thomas said.
Within the last year, Reich said the city upgraded its threat protection to “the next greatest thing.” Compared to the standard virus identification software, the threat protection system scans for any unwanted functions or operations.
“We’re going to always be vulnerable just like anyone else, like the city of Atlanta that has six or eight times the staff, the IBMs, the top 100s ... It’s really our goal internally to mitigate to the best of our ability the risks that come our way. That looks different every day,” Reich said.