Public Sector Security: 8 Crucial Strategies to Combat Ransomware

June 2, 2025

Contributors: Jessica R. Dore, CISA

All organizations are a target for cybercriminals, but those in the public sector are a particular favorite for attackers deploying ransomware.

From healthcare agencies and municipalities to public utilities and education departments, ransomware attacks are targeting public sector organizations with increasing frequency — and success.  

Recent Public Sector Breaches

High-profile breaches in the last year have affected public sector organizations both big and small, including some in your own backyard:

Michigan

A massive ransomware attack in August 2024 crippled municipal networks and disrupted essential services in Flint, Michigan. Also, the state’s largest county — Wayne County — as well as smaller communities, such as Wexford County and the Sault Indian Tribe, experienced ransomware incidents.

Florida

In Florida, where researchers have reported that three-quarters of the state’s ransomware attacks over a three-year period targeted public sector entities, separate attacks in late 2024 paralyzed the state’s court system, its department of health, and, in Pensacola, phone and online services.  

Ohio

Meanwhile, in Columbus, Ohio, a foreign threat group posted evidence on the dark web showing it stole 6.5 terabytes of data after gaining access to the city’s IT environment through ransomware. (The same group is thought to be linked to a ransomware attack against the Port of Seattle, which operates the Seattle-Tacoma International Airport and one of the busiest shipping ports in the U.S.) 

The increasing frequency and severity of these incidents underscore a sobering reality: Ransomware is not just a technological problem, but an operational and strategic threat to the public sector.

Best Practices to Protect Your Public Sector Org from Ransomware

For organizations entrusted with delivering essential services, the stakes couldn’t be higher. To counter this evolving danger, public sector leaders must adopt a proactive approach to cybersecurity. The path forward requires more than reactive measures; it calls for deliberate, actionable strategies to safeguard critical systems and data. Below, we’ll explore eight proactive steps that public sector leaders can take to bolster their defenses and reduce the risk of ransomware attacks.

1. Prioritize Cybersecurity Beyond the IT Budget

Protecting your organization starts with a clear commitment to cybersecurity. For public sector entities, vigilance and preparation are non-negotiable. That means, to protect data, services, and operations against an enemy whose tactics are continually evolving and advancing, public sector leaders must go beyond passive defense mechanisms and prioritize cybersecurity, organization-wide. Translation: Cybersecurity shouldn’t just be earmarked as part of your IT budget; given the potential cost of even temporary disruptions, cybersecurity should be a part of your organization’s annual operating budget.  

2. Invest in Comprehensive Cybersecurity Training

People are often the weakest link in cybersecurity, which is why training matters so much. Human error remains one of the biggest reasons ransomware infections occur. A click on a phishing email or downloading a suspicious attachment can be all it takes for attackers to infiltrate your systems. 

Protect your organization by empowering employees with regular training that goes beyond the basics. Help them recognize phishing attempts, identify social engineering tactics, and pause before clicking on anything that seems out of the ordinary. Remind them often and keep them apprised of the latest scams. The goal is to create a culture of constant security awareness where your team feels confident and prepared to detect potential threats. 

3. Implement Multi-Layered Security Systems

Cybersecurity isn’t just about having one great tool; it’s about layering your defenses. Think of it as building a fortress with multiple walls. With the right mix of tools and technologies, you can better protect your devices, networks, and applications. 

A strong multi-layered system includes solutions like Endpoint Detection and Response (EDR) to monitor and handle potential threats to individual devices. Next-Generation Firewalls (NGFWs) offer smarter filtering of traffic, while Intrusion Detection and Prevention Systems (IDPS) help spot and stop malicious activities. By combining these layers, you create a more robust barrier against attackers. 

4. Regularly Back Up Your Data

Backing up your data is one of the smartest and most effective ways to reduce the impact of a ransomware attack. If your systems are compromised, having reliable backups means you won’t lose access to critical information and can recover much faster. But for backups to truly safeguard your organization, they need to be planned and implemented with care. 

  • The 3-2-1 Rule: Start by following the 3-2-1 rule for backups. This means maintaining three copies of your data, stored in two different formats (such as on-premise hardware and cloud storage), with at least one copy stored offsite. This approach ensures redundancy and protects your data from unforeseen disasters, like hardware failures or catastrophic ransomware incidents.
  • Routine Field Tests: It’s not enough to have backups — you need to confirm they work as intended. Schedule routine checks to verify that your backups are complete, accurate, and functional. This extra step can make all the difference in an emergency.
  • Encryption: To minimize the risk of cybercriminals targeting backups, secure those backups through strong encryption. Encryption protects your data, making it unreadable to unauthorized users, even if they gain access. But there’s another critical consideration that often gets overlooked in traditional backup strategies: keeping your backups offline and air-gapped.
  • Air-gapping: Air-gapping your backups means physically isolating at least one copy of your data from any network connection. This additional layer of security ensures that even if attackers breach your systems, they cannot compromise your backups. For example, storing a backup on a removable storage device or isolated server that is not connected to the internet creates an effective barrier against ransomware. This extra precaution drastically reduces the chances of your backups being encrypted or deleted by attackers, giving you a solid safety net when you need it the most. 
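
The four backup checks above can be run as a routine audit over a backup inventory. The sketch below is an added example, not part of the original article or any Rehmann tooling; the inventory fields, the sample copies, and the 90-day restore-test window are assumptions, and the production copy is counted as one of the three copies.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class BackupCopy:
    name: str
    medium: str                         # storage format: "disk", "cloud", "tape"
    offsite: bool
    air_gapped: bool                    # no network path reaches this copy
    encrypted: bool
    last_restore_test: Optional[date]   # None means never restore-tested

def audit_backups(copies, today, max_test_age_days=90):
    """Return findings for one data set; an empty list means it passes.
    max_test_age_days is an assumed policy value, not a figure from the article."""
    findings = []
    if len(copies) < 3:
        findings.append(f"3-2-1: {len(copies)} copies, need 3")
    media = {c.medium for c in copies}
    if len(media) < 2:
        findings.append(f"3-2-1: {len(media)} storage format(s), need 2")
    if not any(c.offsite for c in copies):
        findings.append("3-2-1: no offsite copy")
    if not any(c.air_gapped for c in copies):
        findings.append("air-gap: no network-isolated copy")
    for c in copies:
        if not c.encrypted:
            findings.append(f"encryption: {c.name} is unencrypted")
        if c.last_restore_test is None:
            findings.append(f"testing: {c.name} never restore-tested")
        elif (today - c.last_restore_test).days > max_test_age_days:
            age = (today - c.last_restore_test).days
            findings.append(f"testing: {c.name} last tested {age} days ago")
    return findings

# Constructed sample inventories (not real systems).
TODAY = date(2025, 6, 2)
WEAK = [
    BackupCopy("file-server", "disk", False, False, False, None),
    BackupCopy("nas-replica", "disk", False, False, True, date(2024, 11, 1)),
]
CORRECTED = [
    BackupCopy("file-server", "disk", False, False, True, date(2025, 5, 1)),
    BackupCopy("cloud-bucket", "cloud", True, False, True, date(2025, 4, 15)),
    BackupCopy("tape-vault", "tape", True, True, True, date(2025, 3, 20)),
]

if __name__ == "__main__":
    for label, inv in (("weak", WEAK), ("corrected", CORRECTED)):
        print(label, audit_backups(inv, TODAY) or "passes")
```

The weak inventory fails every check at once, which is the typical state of a single on-site replica; the corrected one passes only while its restore tests stay inside the chosen window.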

5. Strengthen Endpoint Security

Endpoints like laptops, smartphones, and tablets are frequent targets for ransomware attacks because they’re often the easiest way in. Strengthening endpoint security ensures these devices don’t become gateways for attackers. 

Start with strict access controls so only authorized users can connect to your systems. Keep software and operating systems updated because outdated tools are like open doors for hackers. Mobile Device Management (MDM) tools can also help secure remote or distributed devices, especially with more people working outside of traditional offices. 

6. Conduct Vulnerability Assessments and Penetration Testing

When’s the last time you checked your systems for vulnerabilities? Regular vulnerability assessments and penetration testing allow you to find weaknesses before attackers do. Think of penetration testing as a controlled way to simulate a real attack; it reveals where you’re most vulnerable and helps you develop a plan to fix those issues. 

These proactive assessments mean you’re no longer in the dark about your security gaps. Instead, you can focus on where you need to shore up your defenses to reduce risk. 

7. Enforce Identity and Access Management (IAM)

How you manage access to your systems makes a huge difference in stopping ransomware attacks. Weak or poorly managed access controls are a favorite target for cybercriminals. Strengthening Identity and Access Management (IAM) practices is a must. 

This includes applying the principle of “least privilege,” which means giving users access only to the systems and data they absolutely need for their role. Turn on two-factor authentication (2FA) or multifactor authentication (MFA) for an added layer of security. And don’t forget to cut off access for accounts that are inactive or tied to former employees. 

8. Develop a Comprehensive Incident Response Plan (IRP)

No matter how strong your defenses are, breaches can still happen. That’s why it’s critical to have a game plan for when they do. A well-thought-out Incident Response Plan (IRP) can help you minimize downtime and stay in control during an attack. 

Your IRP should include clear protocols for communicating with stakeholders, such as employees, citizens, and external partners. Assign roles and responsibilities ahead of time so decision-making is streamlined and efficient. Regularly test your plan through drills to ensure your team feels confident and ready to respond quickly under pressure. 

Empower Your Organization Against Tomorrow’s Threats  

Ransomware attacks are not a matter of “if” but “when.” As cybercriminals continue to evolve their tactics and technology, public sector leaders must recognize the importance of a proactive defense and prioritize preventative measures to protect their data, systems, and communities. 

While taking on the challenge of securing your entire IT environment can feel overwhelming, remember that your public sector organization doesn’t need to do it alone. By partnering with cybersecurity experts, you can more easily, quickly, and affordably leverage industry best practices, tailored solutions, and proactive, highly skilled support to bolster your organization’s defenses.  

Rehmann provides tailored cybersecurity solutions that equip public sector organizations with the expertise, tools, and confidence to secure their IT environments against evolving threats. By emphasizing partnership and collaboration, we’re here to help you lead with resilience and ensure the safety of your critical infrastructure. 

To learn how we can help strengthen your defenses so you can continue serving your community with confidence, reach out directly to Jessica Dore, a leader of Rehmann’s Technology Solutions team, at [email protected] or 989.797.8391.