Is Lake Oswego safe from a cyber attack?
Nowadays people have access to everything with the tap of a finger — clothes, food and even relationships. And while this digital era may come with efficiencies and ease, it also comes with concerns — especially with cyber security.
Ransomware is a huge, ever-increasing problem throughout the country. And with October being National Cyber Security Awareness Month, learning tips and tricks to protect your computer from succumbing to ransomware attacks has been a hot topic — including at the City level.
In August, the New York Times reported that 22 cities in Texas were simultaneously being "held hostage" by a single hacker who demanded millions in ransom. As of August, more than 40 municipalities had been attacked across the country this year according to the Times.
"The larger government organizations that have been hit have been impacted for even months from ransomware," said Wes Pay, acting chief technology officer for the City of Lake Oswego. "The costs associated with resolving those issues are astronomical."
Though Pay considers Lake Oswego lucky because there have been no recent issues, he said the City did have a ransomware incident a couple years ago.
Someone received a document in an email and opened it, and it infected the computer they were using as well as some of the City's data and documents.
"We were able to detect that event in approximately 30 minutes and completely recover from it," said Pay, adding that it didn't cost anything and it wasn't a targeted attack — just a random spam email.
Pay said some local jurisdictions were hit by targeted attacks, meaning the public facing systems were monitored and the attacker found weak spots in the system and exploited them. The attacker first took out the back-ups so data couldn't be retrieved, and then the live data was destroyed.
"That's a real problem," said Pay, adding that the Oregon National Guard started a program that assists governments and local agencies with cyber security, helping these agencies analyze their system and recover data when there are incidents. "We are pretty lucky in Oregon."
And the City of Lake Oswego has quite the complex cyber security system.
The City has a number of firewalls in place and receives its internet service through a broadband consortium in Hillsboro. It's a joint system with Tigard, Washington County and other similar jurisdictions. There is a level of security there as well as an intrusion detection system and more firewalls. The City also has anti-virus protection on all its computers.
"One of the things we don't do that a lot of jurisdictions will do is fake phish our employees as a training aspect," Pay said.
The City may do that at some point, but Pay hasn't felt like it has been necessary — though he does send out an educational phishing email periodically that shows what these cyber security attacks look like.
The City also has filters that help block malicious content. When people browse the web, certain sites are blocked based on suspicious activity. The same goes for advertisements that will link people to a malicious site.
"We have a pretty robust system, but nothing is perfect," Pay said. "There's always ways in but we do our best to protect, block and prepare for intrusion."
Two prevention strategies that residents should focus on to avoid attacks on personal computers are creating unique passwords, not using the same password for multiple sites and knowing how to recognize what a phishing email looks like.
"The biggest tip is to use fairly complex passwords and don't use passwords across various applications," Pay said. "I encourage people not to reuse their passwords."
If someone receives an email from an unknown address asking for log-in information, Pay advises people to go through the actual website or call, instead of clicking on any link in an email.
For example, if a person receives an email from their bank asking for log-in information, Pay said it's best to go onto the actual banking website and see if the same message comes through in the secure messaging system.
"Usually the best way to tell is the email address it comes from," he said, adding that it might reveal a gmail address, which is a clear indicator that it's not from the bank.
"Cyber security seems like a daunting, even depressing situation, but it's really not," Pay said. "Yes, it's an issue but if we all think about it periodically and maintain a certain level of awareness, it's not something that we can't deal with. It's out there, it's an ongoing problem but it shouldn't be something people should necessarily be afraid of. Life will go on."
You count on us to stay informed and we depend on you to fund our efforts. Quality local journalism takes time and money. Please support us to protect the future of community journalism.