The county government lost almost $250,000 in a wire fraud scheme in 2018, and its computer network was breached at least five times in the past three years, the report says.
The grand jury also noted that more than half of Marin’s 11 cities and towns have fallen victim to financial fraud and network breaches, including Corte Madera, Fairfax, Larkspur, Novato, Sausalito and Tiburon. Most of those incidents were not reported to the public.
After the 2018 scheme, which targeted Marin County’s finance department, the county implemented new practices to fortify its network security, the grand jury said. The county “now has a well-developed approach to cybersecurity and a robust architecture and strategy for avoiding attacks,” the report says.
However, it adds, “There is more that the county government can do to ensure the security of its systems.”
The report says common cyberbreaches include ransomware attacks, when a hacker crashes a computer system and demands money to restore it, and phishing, when a hacker sends a message designed to trick the recipient into giving out a password or other sensitive information. Stolen passwords can be used to steal private data or disrupt a computer system.
Such attacks have the potential to cost taxpayers millions of dollars, and Marin’s governments should strengthen their online security measures in order to prevent them, the report says. An attack on the municipal government’s computer network in Baltimore last year cost the city an estimated $18 million, the grand jury noted. Small towns can be at an even greater risk.
“Hackers know that smaller municipalities can be easy targets because of inadequate network protections and spotty adherence to best cybersecurity practices,” the report says.
The grand jury urged Marin County to take a lead role in sharing cybersecurity tips with the cities and towns. The report suggests that each municipality hold an annual discussion about its security measures, and when a breach occurs, it should be announced publicly. Marin’s government agencies should also share cybersecurity services to keep costs low, it says.
Marin County’s technology specialists regularly meet with representatives from other California counties to share cybersecurity practices and protocols, said Jason Balderama, the county’s chief information security officer.
“Marin is certainly open to expand our information sharing with the cities and towns,” he said.
The report suggests that municipalities adopt several security practices, including requiring strong passwords that must be frequently changed, regularly backing up data and installing antivirus software.
With many municipal employees working remotely during the coronavirus pandemic, it’s become a crucial time for governments to focus on cybersecurity, said Corte Madera Mayor Eli Beckman.
“A lot of vulnerabilities come up when you’ve got workers trying to access a system remotely,” he said.
According to the grand jury report, a hacker disabled Corte Madera’s computer network in 2019 during a brief moment when the town’s firewall had been intentionally turned off for a system update. No ransom was paid, according to the report, but the system had to be restored from a backup.
Cybersecurity is “a constantly evolving thing that we’re always working on,” Beckman said. “It’s an integral part of good governance in the 21st century.”
The civil grand jury, an independent investigative panel empowered by the local judiciary, posts its reports online.
(c)2020 The Marin Independent Journal. Distributed by Tribune Content Agency, LLC.
