When city staff click the link in a fake phishing email, it triggers a training video about the dangers of a real phishing attack. The move is in response to a recent ransomware attack against the public school system.
(TNS) — Every now and then, Rockford city employees receive a fake phishing email. If they click on the link, they are taken to a training video on cybersecurity awareness.
It's just one tool the city uses to prevent ransomware and other cyberattacks from infiltrating the massive 200-server, 1,110-terminal information technology infrastructure that supports police, fire, public works, finance, community development, human services and more.
"Getting through a firewall is hard," said the city's IT director, Glenn Trommels. "Tricking people to click on links? That's easy."
As ransomware continues to make headlines here and across the country, municipalities and school districts — the targets of many of the attacks — are trying to glean any lessons they can from victims so they can avoid being next.
Ransomware is a type of harmful software that denies owners access to their computer systems or data until a ransom is paid. It's often spread through infected emails and websites.
IT experts say the best defenses are vigilance, an educated workforce and continuing investment in the largely unseen layers of IT protection that often go unappreciated until days like Sept. 6.
That was the day of the ransomware attack against Rockford Public Schools, the effects of which still are being felt today.
The 29,000-student district kept its 42 schools open after the attack, but went without email, internet, phones and access to a host of electronic systems the district uses to keep records, not to mention computers, laptops, Smart Boards and tablets.
It was also the day Trommels got an early morning phone call from his boss asking him how quickly he could move on some of the cybersecurity enhancements he was hoping to bring to City Hall.
"I started having those discussions last summer when the bad guys were really going after municipalities and school districts," Trommels said. "I told them 'We really need to bolster our security posture.' Everybody agreed, and we were working on increasing my budget to do some of these sooner rather than later. Meanwhile, more and more ransomware attacks were happening and then Rockford Public Schools."
The Rockford City Council fast-tracked the first of a handful of cybersecurity investments on Sept. 16. For $136,500, an outside company will provide the city with a year of 24/7 network monitoring.
"Luckily, we have not been hit, but every organization has its vulnerabilities," Trommels said. "Major companies have entire security teams, and they're still getting hit.
"It's every IT manager's worst nightmare."
Winnebago County has been just as lucky as the city of Rockford when it comes to ransomware attacks.
Chief Information Officer Gus Getner chalks it up to day-to-day diligence.
"We can't reveal all of our mechanisms, but Winnebago County has the appropriate anti-virus, web filters, spam filters, firewall, awareness and zero-day threat protection to manage threats," said Getner, who has been overseeing the county's computer network for the past 14 years.
"It's very alarming," he said of the attacks in U.S. cities including Baltimore; Albany, New York; Laredo, Texas; and Lake City, Florida. "We try to get as much intel as we can about what occurred and what might have been the weaknesses."
Nearly 400 government bodies have been struck by ransomware in the past two years, Getner estimated. Some have paid ransoms. Some have refused, opting to rebuild. Rebuilding came with an $18 million price tag in Baltimore's case.
"We are vigilant, but my experience is this. ... A big enough hammer can break anything," he said. "No system is 100% bulletproof."
The county has 1,200 employees working in the local court system, sheriff's office, jail, health department and nursing home, among other locations.
Getner's annual budget for fiscal 2020 is just shy of $1.3 million. That's a 2% increase over the previous year's funding and includes security improvements.
He's hoping to supplement that budget in years to come with a portion of a capital spending plan, if the County Board approves one.
"When it happens in your backyard, like RPS 205, that gets people thinking," Getner said. "There are so many takes going on, and they are getting more and more sophisticated."
Rockford Public Schools is preparing to enter the fourth week of its post-ransomware life.
Email service returned this week. Phones were expected to be back up by Friday. Internet and Wi-Fi were supposed to be back up this week, as well.
The district continues to investigate the hack as it works to restore and rebuild its IT infrastructure.
"At this point, nothing indicates that sensitive information from staff or students was taken. We are still investigating, and this information could take several weeks to confirm," the district said Tuesday on its Facebook page. "We do not believe the intent of the ransomware attack was to take personal information."
Some critical record-keeping systems will not be restored until at least next week, the district said.
Meanwhile, the district has remained tight-lipped about how the attack occurred, who is responsible and the size of the ransom demand.
Rockford School Board members approved $544,000 in information technology and security expenses Sept. 11 and an additional $376,000 on Sept. 24.
Some of the district's expenses related to the ransomware attack are expected to be covered by insurance, officials said.
"This is not easy to recover from," School Board member Mike Connor said. "This happened to us. There have been a lot of hacking attempts. ... It's an issue to be taken very seriously. This is a national trend."
The Harlem School District was affected by a different kind of hack earlier this year.
Pearson, one of the largest educational software and textbook publishers in the world, informed its clients in July that one of the company's websites — AIMSweb 1.0, which is used to help schools monitor students' academic progress — had suffered a data breach in November.
The breach exposed the first and last names, and in some cases dates of birth and email addresses, of thousands of students and school employees, including those at Harlem, which uses AIMSweb 1.0.
According to Harlem officials, Pearson learned of the breach in March.
"Pearson has assured the district that the data breach was limited to this information and time period and have taken the necessary steps to secure their databases as well as prevent further data breaches from occurring as a result of this incident," the district said in an Aug. 15 letter to parents. "At this time, there have not been any indications that there have been any abnormal emails or suspected use of the information that was breached."
Pearson offered one year of free credit monitoring to those affected.
The breach affected more than 13,000 school and university accounts.
Jason Blume, the district's director of stakeholder engagement, wrote in an email that the incident with Pearson was "a third party issue that we had no control over."
©2019 Rockford Register Star, Ill. Distributed by Tribune Content Agency, LLC.