Any organization with an online presence, or any individual who is online, is constantly threatened by cyber-attacks perpetrated by criminals trying to steal information that can be sold. New Jersey municipal governments are no exception, and the Bloustein Local Government Research Center at Rutgers University has been assisting New Jersey’s local governments as they look to improve their technological proficiency and mitigate cyber threats.
One of the most prevalent tactics in use by cyber criminals involves deceptive and fraudulent emails. The emails are designed to trick employees who manage a town’s fiscal activities into transferring municipal funds to a criminal instead of an intended recipient. These attacks occasionally succeed, and to help public agencies improve their ability to defend against these social engineering attacks, Bloustein Local has been helping local officials improve their cyber hygiene, manage their technologies, and develop better internal controls to defend against this type of deliberate exploitation. Through this collaboration, municipal agencies are learning to better manage the risks presented by their information, communication, and operational technologies.
In a recent presentation at the spring conference of the Government Finance Officers Association of New Jersey, Marc Pfeiffer, assistant director of Bloustein Local and the principal investigator of its Technology Risk Management program, delivered a presentation entitled: “An Overview of Technology-Based Financial Fraud and Countermeasures.” During the session, he described a variety of potential threat scenarios favored by cyber criminals aiming to disrupt local fiscal operations. Mr. Pfeiffer also recommended measures that the association’s members could take to avoid falling victim to these threats. As part of the Center’s outreach strategy, a short, online video of this presentation is now available to association members and other local government officials.
Mr. Pfeiffer has conducted similar presentations to the New Jersey Municipal Management Association, the state’s professional association of municipal administrators and managers, and the Bergen County League of Municipalities. He has also spoken to many groups of government employees regarding the importance of practicing good cyber hygiene, instructing them on the best ways to protect themselves and their organizations from naively and carelessly responding to fraudulent emails that have the potential to expose their agencies to embarrassing, disastrous or costly consequences.
Bloustein Local’s research on technology risk management is sponsored in part by the New Jersey Municipal Excess Liability Fund (MEL), a joint local government insurance fund that provides excess liability coverage, safety programs, and other services to almost 600 government agency members.
The Center recently completed the second phase of its work, a series of recommended minimum technology standards, for the MEL. When met, these measures can help reduce the most prevalent technology risks that organizations face. These guidelines are part of the MEL’s Cyber Risk Management Plan. As an incentive, member agencies who follow the program can lower their deductible on a cyber insurance claim by up to 75%. More importantly, however, they can reduce their risk of becoming the victim of a destructive cyber-attack.
For more information contact Marc Pfeiffer, assistant director, Bloustein Local Government Research Center, marc.pfeiffer@rutgers.edu