Tales from the BudComm – white hats or black hats?

by Skip

Or alternatively: Is your town budgeting for RansomWare? That’s when hackers infiltrate an entity’s computer network and take complete control over all of the IT assets and then, like a human hostage, hold them up for ransom (“pay us $XXXXX or your files will be encrypted by us forever”).

The next on my list of departmental subcommittees was Finance (this morning), which also incorporates the Appraisal and Tech areas. The Appraisal cost is down as we just finished our 5 year full review – and yes, my home was one in the one third of houses whose evaluation went up (sigh…). Finance itself was a bit lower due to personnel swap outs (higher cost went to another department and the replacement came in at a lower pay grade).

Tech, on the other hand?  Up.  No, not because we have higher costs (although software license costs were up about 1% and our 3 year contract with Mainstay (the town outsources our IT needs) was just renewed at an uplift of 3%) but because of new IT Security costs.

The State mandated, because of the hacking / ransomware, a new law that is requiring towns to have a security audit done on their IT infrastructures – we are in that process now. While the low hanging fruit (email training, no thumbdrives, et al) have already been addressed (on a continual basis), Mainstay was hired to do that “white hat” work (hackers, but “good” hackers as opposed to “black hats” who are those conducting illegal break-ins). So they are doing a security audit of all of the IT assets in town, as well as the network, to see what the town’s exposure / exploitation points are. Now, we’re a small town – around 7,400 people, so our town employees only number around 80 and the number of those using IT assets is much smaller than that; most of the departments, other than DPW, Police, and Fire, are a handful of people (or less). But that’s still a lot of spots to be analyzed on an ongoing basis as the threat matrix shifts and grows.

Most businesses that have an “IT disaster”, be it natural or manmade, that lasts even just three to five days often fail within the next two years – they just aren’t prepared to handle their business without their computers. Greenland, NH, and the City of Portsmouth quickly came up during our discussion as local examples of ransomware victims. That’s why we are seeing many large towns and cities (and companies) who are being hit by ransomware just pay up (not always the first announced price, but a lower price is still a payout).

I brought up the point that while the Mainstay study is a good one, a parallel effort, along the lines of an ISO business process study, should be done separately and apart from the Mainstay study with an eye to “backup paper based processes” springing from how the town does its business. Generally, an ISO forces an entity to write down EVERY DETAIL of how people do their jobs – and then compliance is mandated to follow those written processes. Now, the value add is NOT just figuring out what you are doing now but in seeing what things you are doing now are just plain wrong or stupid; exposing the “now” brings a Big Flashlight of “WHY the heck are we doing it that way – that’s STUPID!” and a re-think of how to stop doing some things altogether and making other processes much shorter, faster, and with fewer friction points.

And in the case of this ransomware / security threat, bring exploitable points to the fore in which paper processes could be used in a pinch for a limited amount of time.

You know, sorta like going back to paper ballots to make hacking of electronic voting systems irrelevant?

So bottom-line question for YOUR town: what’s in YOUR IT system? And how is your town handling this? It’s probably not going to be quick or cheap but you’d better get cracking on it. So what ARE your town leaders doing about it? NOW?

So we’ll see how that goes.  Bottom line, however, even with all that, overall there was a 5.3% decrease in cost for this department.

I like that – I REALLY liked that.

Note: again, apologies to Glen, Sue, Dorothy, and Tom for being late. Bad night last night and I overslept the snooze alarm.
