NBT: Stay Alert! Government and school organizations targeted by cyber attacks

Related Company

by Brendan Baxter, Senior Vice President for Public Sector Business Development, NBT Bank

What do Huber Heights, Ohio (population 43,439), Cullman, Ala. (population 14,775) and Scotland, Conn. (population 1,576) all have in common? Yes, they represent a cross-section of “small town America.” They also were all victims of costly cyber-attacks in 2023.

Unfortunately, these municipalities are not unique in their experience with cybercrime. In 2023, government organizations and schools across the nation experienced financial loss and disruption of life-saving services, including first responder services, as a direct result of cyber-attacks, such as ransomware, phishing, denial of service and business email compromise. 

Municipal services are a key part of America’s critical infrastructure which makes them all high-value targets for cyber criminals. It is imperative that local government officials not only understand the unique risks these attacks pose, but also how they can protect the vital services as smaller entities with limited budgets and staffing.

Here are a few ways your municipal organization can improve defenses and become a harder target:

Monitor your accounts daily. It seems simple, but daily checks can help you identify suspicious activity early. The sooner a breach is discovered, the quicker you can engage your banking institution to start its processes and prevent further loss. Time is also important in some cases where fraudulent charges only have a 24-hour window to be returned. 

Implement digital fraud controls on your bank accounts. The majority of cyber-attacks on government entities are motivated by financial gain. Manual vigilance is a good first step, but that alone isn’t enough in an ever-changing sophisticated criminal world. Technological solutions, like Positive Pay, protect municipal accounts from many types of check and ACH fraud and are essential for any government.

Make sure your cyber-insurance and crime policies are adequate. The vast majority of businesses and government entities cannot effectively recover from cyber-attacks without the incident response expertise, breach management services and financial security of properly designed cyber and crime insurance policies. If you don’t have one of these policies, reach out to your insurer and learn more about securing one. If you do, have a discussion to ensure your coverage is adequate.

Engage your financial institution’s Information Security and Fraud Risk teams. Information sharing is key to defeating cyber criminals. We are happy to share our knowledge and experience with our Government clients, working together to ensure you have the right tools to prevent fraud.

Leverage free resources. The following free resources will help you assess cyber-risk and prioritize controls to implement:

  • State, Local, Tribal, and Territorial Government Coordinating Council | CISA – The Cybersecurity & Infrastructure Security Agency (CISA) has numerous resources dedicated to assisting State, Local, Tribal and Territorial (SLTT) governments improve cyber defenses.
  • Getting Started | NIST – The National Institute of Standards (NIST) Cybersecurity Framework (CSF) is a popular cybersecurity risk management framework with ample resources to help you improve your overall cyber risk management strategy.
  • CIS Critical Security Controls (cisecurity.org) – A prescriptive, prioritized, and simplified set of best practices that you can use to strengthen your cybersecurity posture, aligned with the risk management practices in the NIST Cybersecurity Framework (CSF).

The unfortunate reality is that the question is not if a cyber-attack will happen to your municipality, it is when. By taking the time to ensure you have the appropriate prevention tools in place, you can help mitigate the costly and concerning impacts to your residents.

Brendan Baxter has more than 15 years of government experience, and collaborates with Government Banking, Commercial Banking, Treasury Management and other business partners at NBT Bank to serve the unique customer needs of government entities and public and private higher education institutions.

NBT Bank offers personal banking, business banking and wealth management services from locations in seven states, including New York, Pennsylvania, Vermont, Massachusetts, New Hampshire, Maine and Connecticut. The bank and its parent company, NBT Bancorp Inc., are headquartered in Norwich, NY. NBT Bancorp had assets of $13.44 billion as of March 31, 2024 and is traded on the Nasdaq Global Select Market under the symbol NBTB. More information about NBT is available online at www.nbtbank.com. Member FDIC.