Taxpayers will take ransomware hit

 In Letters
0

Editor:

Your reported assertions of readiness to ensure that ransomware cannot affect the records of the Township of Clearview exhibits the almost total lack of understanding and readiness of Clearview against this potential threat. The information provided to council only covered the recovery aspects of an attack, nothing was said about prevention – the key component and first line of defence in stopping an attack from occurring.

With the recent hacking of the Clerk’s website that I believe was due to the software on that WordPress system not being updated, the assertions of Mr. Henley related to the maintaining of system updates needs to be questioned by a councillor who knows and understands basic IT security, if indeed we have one! That hack (which was up for over two weeks) was reported by a resident, not staff, who was thanked in writing by the Mayor for reporting the hack!

Until Clearview Township bans the use of “Bring Your Own Devices” (BYOD) using the township networks to access personal emails, social media accounts and the internet itself and banning USB connective memory in the workplace, Clearview Township is still wide open to a ransomware attack.

If the purported three layers of backups are not air gapped and maintained at an off site location then its questionable if they will not be affected by a concerted attack. Using “cloud” backup is certainly not going to prevent the damage or locking of files if that “cloud” is permanently connected to the main systems; very few commercial cloud systems have any form of effective ransomware defences.

Anyone with experience of ransomware attacks will tell you that most of the attacks enter the systems via personal emails, social media access and downloads from the Internet by employees using BYOD, so unless all personal use of the Clearview networks are ended, there is a very high potential for an attack to damage township records.

Employee corporate network use prevention and the air gapping of backups were the primary reasons that a Creemore owned business was able to recover in less than 3 days from a serious ransomware attack without any loss of data or payment of “blackmail” fees two years ago.

I do not believe that sufficient concern or understanding of the issues has been exhibited by Clearview council and staff to eliminate the costs and disruption to taxpayers of a ransomware attack, for example what consideration has been applied to the use of the internet and Clearview networks for the election?

It is Clearview taxpayers, not councillors or staff, who will be on the hook to pay for any ransomware recovery (it will be interesting to see what it finally costs Wasaga Beach taxpayers for their towns lack of preparedness).

Peter Lomath,

Creemore.

Recent Posts

Leave a Comment

0