A Company’s Number One Threat  

Cyber security is not a new topic of discussion among municipalities. In fact, in the past few years, there have been an increasing number of security breaches.  While trying to stay on top of all trends in cyber security, the only constant is that there are new attacks and emerging threats coming both night and day.

According to the 2018 Data Breach Year-End Review, the total number of publicly disclosed data breaches in 2017 is 1,579. This is a 44.7% increase over the previous year. 

More than 7 in 10 of all organizations in the U.S. were affected by a data breach according to the 2018 Global Trend Report. 

Recently, Pool members have been caught up in the increasing wave of email scams, such as "phishing."  Phishing emails entice the recipient to click a link, open an attachment, make an unauthorized wire transfer, or download a file from a source disguised as someone the recipient knows, or at least as someone of whom the recipient would not be suspicious. A Texas town recently avoided such a scam.

A Town Recently Victimized

A Texas town employee in accounting received an email from the contractor who  was building the new Town Hall, asking the town to change the ACH information on its payments. The employee felt like something was wrong in the email. She said the domain name had “Inc.” added to the end when she didn’t recall it being there before. She picked up the phone and called the construction company to verify the change and was told that the email did not come from them and that it was indeed fake.

The email had the correct logo, physical address and phone number of the actual company, but it only had a slight change in the email domain name. Her quick thinking and attention to detail prevented the issuing of funds to a criminal enterprise and saved the town what could have been a substantial amount of money.

General Email Safety Tips

• If you get an email asking for information, make sure it’s from someone you know and confirm the address is correct. If in doubt, confirm by calling the sender.
  
  
• If the email has an attachment, you can click “Reply” first and see the address from which it came. Even if it’s an address you know, run a virus scan on the attachment. Viruses usually spread through email address books, making it even more likely to come from a correspondent.
  
  
• If you get a an email with a link, put your mouse on the link without clicking and see what address it leads to; if you click the link and it leads to a page asking for your login credentials, stop and contact your IT staff.

Keep in mind, scammers are very good at faking their identity. However, they are often lazy and count on their victims simply not paying attention.

For more information regarding phishing attacks and cyber security, please visit the Risk Pool’s website: https://www.tmlirp.org/coverages/cyberthreat (member login required), where you will find a link to eRiskHub.com that will include many cyber security resources and training. Also, please contact our team with any questions.

The Texas Municipal League Intergovernmental Risk Pool is the leading provider of workers’ compensation, liability and property coverage for local governments in Texas. Founded in 1974, we are the oldest and largest pool of this type in the United States, serving over 2,800 governments and political subdivisions. We are driven to continue the mission that began over 40 years ago, providing our members with a tailored risk-financing system through reliable partnership, performance and service.