Supervisor’s Statement 1.16.2020 Town Board Meeting
Besides Grant paperwork, contracts and budgets, I’ve been finalizing the Sewer Feasibility Study RFP, the commensurate Survey, and the shared service for fuel purchase.
Wednesday Alice and I attended the Cybersecurity Summit at Marist College at the behest of County Executive Molinaro, in order to learn how vulnerable we are at the local government level. Key points which I want to emphasize to everyone who works here, and to the public at large who run businesses:
Cyber attack is the new larceny. The most common attacks are ransomware sent as a virus to computers through the opening of innocent-looking emails, seemingly sent by someone you know, and game-playing on the web. Any computer that goes onto the web is vulnerable.
Just because a computer is not networked into the main workplace server does not mean it is safe: it is networked into the Wi-Fi system, which is vulnerable, and also the wiring contains what is known as SWITCHES which are vulnerable connections. Switches can be hacked. Wi-Fi can be hacked. Emails that have been hacked can convey viruses to your computer. This is called spear phishing.
Your computer then becomes a conveyor of viruses itself. Yahoo, Hotmail and AOL are particularly vulnerable to hacking. State-connected systems—our tax collector, Town Clerk and Justice system—are not safe from this.
All employees of the Town of Pine Plains MUST be on our official DOT-GOV email account. This is for insurance purposes, and protects you, the employee, from having to pay for any hack that occurs on your computer. Please stop using your personal accounts, or email addresses not on our system. And remember, any account you do use for work purposes can be FOILED.
The new criminals have software that enables them to imitate people you know—your grandson, your best friend–with very precise and familiar language as well as the same email addresses you think only belong to the person. Vendors in particular are being hacked. It has become very sophisticated.
Even worse, an industry has risen around both ransomware—which is the seizing of information like bank accounts, with a ransom set by the criminal to the owner—and the insurance companies trying to protect us from it. The FBI Agent who spoke to us stressed that we not allow our insurance companies to pay the ransom, as that has created a steady income stream for the criminals. Hacking has increased because of this.
If a municipality or a business gets hacked, the destruction is at the infrastructure level. Our police/justice system/bookkeeping would go out until it is rebuilt. In addition, money could be pulled out of our accounts without us being aware of it.
As an example of what we are up against, Dana Smith, head of Emergency Management for the County, cited the fact that the County is what they call “poked” over 100,000 times per DAY by hackers. Per day.
Size does not matter: towns such as Colliersville, NY and Rockville Center have been hacked with money taken from their accounts, personal information taken and software kidnapped. Many small towns do not have access to their records 24/7, because Town Clerks don’t work at that level, so there is no way for us to monitor what is going on.
In addition, if we are hacked, by law we have to report the situation to everyone who is affected by it. This means all consumers, taxpayers, etc.
How to prevent it:
- Do NOT open Word document attachments or videos unless you are certain they are from someone you know.
- Get on the town email system.
- Strengthen passwords—use 2-part authentication if possible
- Backup files offline
- Shut off Bluetooth on phones and laptops when moving them—hackers can get through via Bluetooth
What to do if it happens:
- Dial 844-OCT-CIRT and report it immediately; they will then report to the FBI and the State Troopers.
- Call the FBI and State Troopers anyway
- Report attack to ww.ip3.gov
Final word on this: There are no international borders in cyberspace. Numerous countries are hacking into the United States every second. Much of the information stolen is information you may not be aware is being taken. The most targeted technologies are:
- Personal Information
- Health Insurance
- Electrical grid
Hackers have what is called “machine learning”. This means that they will attempt many times to hack into your system, not just once and give up. Their software is sophisticated and hits anyone. It learns on its own and comes back in different ways to hit a system. No one who uses a computer and the web for work is safe.