Ransomware has become an unfortunate and ongoing threat that is gaining momentum daily. We’ve all heard the horror stories, and sadly, the threat is real and the consequences are dire. While all segments of business and society are at risk, the public sector is among the most common targets – mostly because they are viewed by cyber attackers as among the easiest targets. Government budgets are understood to be stretched thin, leaving their IT departments to do their best with lagging technology. Entire agencies fall victim, rendering their network and data inaccessible, limiting operations, and effectively shutting down the business of the agency. Easy fix once hacked? Not even close. It’s called “ransomware” for a reason and the stakes are high.
What It Is and What Happens
Ransomware, one form of malware, enters into public and private networks in a number of ways. Among the most common avenues is through documents, frequently PDFs, that are accepted into the network through email or upload. Attackers hold systems “hostage” until the ransom is paid, ranging anywhere from hundreds of thousands of dollars into the millions. In 2019, ransomware attacks against 966 US government, healthcare, and educational entities cost those organizations $7.5 Billion. Read that again – $7.5 Billion. Even the best IT team won’t be able to free up the systems quickly – it will take weeks at best. You can see that it’s big business and continues to evolve to sneak in ahead of typical antivirus protection.
Although the attacks aren’t typically for the purpose of accessing data, it must be understood that once successfully attacked, your data, in fact, has been compromised. It’s an access, privacy, constituent satisfaction, and budget nightmare.
What Can an Agency Do to Protect Itself?
Given the severity of the consequences, it’s clearly worthwhile to take all reasonable precautions. It starts with understanding risks and vulnerabilities – how ransomware sneaks in and takes hold. Your first line of defense is to understand and implement the best practices for cybersecurity. Remember, preventing the attack is categorically safer and less impactful than trying to restore and recover from an attack. There are many tactics your agency can employ to protect itself, some complex, some very simple, and all will work to minimize the risk.
It should go without saying that:
- Your agency should work to avoid being the low-hanging fruit for cyber attackers – and indisputably, cyber attackers are opportunistic. An easy target translates to a quick win for them; and
- The better you guard against infiltration, the harder it is for the cyber attackers to, well, attack.
But you’re probably saying…
“We have firewalls and antivirus,” or, “Our IT Department is on it,” or even, “It couldn’t happen to us!” Those are fair points, but how often are your antivirus definitions updated? And are you confident that it’s enough? Remember that your IT Department is proactive, as possible, but in the case of cyberattack threats, they are substantially reactive – in other words, they’re working as fast as they can to prevent what they know about. Legitimately, in many cases, that has worked. In others, it hasn’t.
Consider that the more layers of protection you add, the safer your network is. And really, can your network be too safe? Think about the tools and processes that can work for you, unobtrusively, that will provide additional components to your protection.
One of the ways – possibly the primary way that ransomware and other malware enter into your network is through attachments and files. Almost every employee in every organization knows to not open attachments that came in unexpectedly or from an unknown sender but also think about the files that come in through your agency’s other systems. Any portal that accepts PDFs or files, really any online presence with a button is an avenue for cyber attackers. And as we’ve seen, a moment’s intake can translate into weeks offline and hundreds of thousands of unbudgeted dollars to continue providing service to your constituents.
Protect Your Agency with the Right Tools
Fortunately, tools exist that are unobtrusive, provide immediate feedback, and will serve to protect your network from receiving PDFs that admit ransomware into your system.
PDF Scout™ Inspector Tool from e-PlanSoft™ is an easy-to-implement tool for peace of mind, to ensure that the PDF documents your agency receives are valid, suitable for use, and free from unexpected inclusion, i.e., malware in the form of scripts, macros, embedded objects, etc. You can think of it as your ounce of prevention that can be used for any of your upload applications, including mobile apps, that accept PDFs. Scout will accept PDFs from virtually all major sources and rejects any attempted uploads that fall outside of accepted standards. And Scout is configurable, so your agency can opt to either reject or issue a warning if those files don’t fully meet the criteria for acceptability.
As plan reviews, including intake and resubmittals, have trended toward paperless models, agencies have been afforded exceptional efficiency, time savings, and convenience for the applicant. e-PlanSoft recognized the need for a tool to operate in tandem with electronic plan review solutions that would allow agencies to responsibly receive PDF documents without the threat of allowing malware into public sector networks.
Scout was developed for use with e-PlanREVIEW® and goPost™ Public Portal and can be implemented for use with virtually any electronic plan review and/or permitting solution that accepts PDF files.
Scout is the unrivaled leader in electronic plan review PDF inspection tools and offers full flexibility to be used with not only every other electronic plan review solution, but any online or mobile intake portal or utility.
Ready to see how PDF Scout Inspector Tool can protect your agency from malware?
Request a demo to see it in action. www.eplansoft.com/request-a-demo.