By Shiloh Perry, Communications Specialist
County officials and staff are the last line of defense against hackers hoping to get their hands on the private data of thousands of Texans — and the bad guys are getting more and more clever at tricking well-meaning public servants into clicking online links that allow hackers to take control of a county’s entire network.
An alarming rise in these cyberattacks promoted the Texas Legislature last session to pass House Bill 3834 (HB 3834), which requires all county officials and their staffs who have access to a government computer or database to take a annual training course, certified by the Texas Department of Information Resources (DIR).
The need for counties to protect citizens’ private online data is more pressing than ever with the sensitive information local and state government agencies possess and the increasing risks from those illegally attempting to access that information. Since 2013, there have been a reported 169 attacks on local government, according to National Public Radio. In August 2019, hackers targeted 22 mostly rural municipalities in Texas with ransomware attacks. One city said attackers asked for a collective $2.5 million in ransom to unlock files. Research shows that 17% of local government victims of these attacks had no choice but to pay ransom for the return of their data.
Cybersecurity attacks, commonly defined as the unauthorized access or use of electronic data, often occur in the form of what looks like routine email correspondence. Frequently, hackers bait web users to open email links or attachments that infect a computer network once opened. Once this takes place, the hacker often gains access to the county’s entire network. With this and other common attack methods, the best preventative measure to protect against these attacks is cybersecurity training for individuals using equipment vulnerable to such attacks.
HB 3834 Explainer
The bill requires that all state and local government employees, and contractors with access to their respective government computer system or database, take an annual cybersecurity training course certified
The training course must be completed by June 14 to comply with the first annual deadline.
In compliance with HB 3834, TAC now offers a 45-minute cybersecurity training course at no cost to county members that is certified by DIR. The course focuses on forming habits that secure information and teaches best practices for identifying and addressing security threats. This is in addition to TAC’s existing cybersecurity awareness training program, offered to nearly 12,000 county officials and staff members over the past year.
For more information or to enroll your county, check www.county.org/Cybersecurity.