For Small Towns, the Danger of Clicking on the Wrong Email is Real
Crippling cyber attacks on major cities have made recent headlines, but smaller towns, like those across the Cape and Islands, are not immune.
Governor Baker has announced a quarter-million dollars in grants to train municipal employees in cyber security, in an effort to prevent computer breaches.
Some local towns are benefitting from those grants.
Kevin MacArthur is the president of Secure Networks, a Hyannis company that provides IT help and cyber security to several Cape Cod businesses.
Part of his job is to send out "fake" emails to help train his clients to identify what's called phishing—emails from potential hackers.
As MacArthur explains, attackers will try to gain access to a database by sending an email that looks like it comes from a legitimate source. Once in, they can shut out access to important files, like a town’s tax records or payroll information.
The attacker asks for a ransom in return for access to the files.
MacArthur says attacks have increased in recent years because now there’s a way for victims to pay: cryptocurrency.
"If I encrypt all your data, there’s actual monetary value now," MacArthur says. "I can actually get you to pay me in order for you to get your data back. So it’s serious, because there’s real money on the line, and it’s enough to make it hurt."
At the state level, officials are warning small towns about potential attacks.
"All the municipalities in the nations are targets in some form or fashion," says Staphanie Helm, the director of MassCyberCenter. Governor Baker created the center in 2017 with the intention of promoting cyber security.
Helm says that all towns should back up their data and create a plan for how to respond in the event that an attack does happen.
"What you really want to avoid is being that low-hanging fruit," Helm says. "You want to do the basic block and tackling so that the casual hacker, they try and try, and when they eventually can’t get to you, they’ll move onto somebody else."
On Martha's Vineyard, the Edgartown IT director Adam Darack says he sees phishing email attempts made on the town systems all the time.
“I think there are people that sit at a computer all day long looking for vulnerabilities, and I think a lot of times they find them,” Darack says.
Edgartown has not been hit by a succesful hacker.
Like MacArthur, Darack also stresses the need for education for his fellow employees. So he shares these phishing emails, often sophisticated ones, to give examples of what not to trust.
But Edgartown is a one-man IT department, like most in the region, so there’s only so much he can do.
"I can tell people to have common sense, I can mention to them specific examples of things I hear, but I’m not putting together extensive security training curriculum," Darack says.
So Darack takes help where he can.
Edgertown was one of only a handful of towns on the Cape and Islands to receive a grant from the Baker Administration. The grant will provide training for staff, much of it to help identify these dangerous phishing emails.
New Bedford also received a grant, and no one knows better the importance of cyber security. The city was hit by an attack over the summer.
New Bedford Mayor John Mitchell says he learned that over 100 computers were suddenly compromised on July 5, just hours after the holiday.
The city could not access basic information like where manhole covers were located, where water and sewer pipes were laid, and even files documenting where people were buried.
"You tend to appreciate how much you rely on computers and data when you lose them, and we lost data on a fairly large scale," Mitchell says.
The attacker wanted over $5 million in return for an encryption key.
Instead, the city spent several months rebuilding its databases using old emails, outside help, and paper files.
Mitchell says it was a major inconvenience. His message to other cities and towns: take cyber security seriously.
"There are constant attacks against municipalities," Mitchell says. "All it takes is someone with excessive curiosity to open up a single file and cause a major disruption."