Cyber-attackers know that city and town officials have been gearing up for the start of school and the potential for remote learning, in school or a hybrid model all summer. The daily monitoring of the coronavirus has kept officials alert and flexible as they focus on the start of school.

Cyber-attackers also know that cities and towns often have not devoted as much time and resources into cybersecurity as private companies. So it was a perfect time—over the Labor Day weekend–for cyber criminals to hit the City of Hartford, Connecticut with a ransomware attack right before the start of school, which was scheduled for  Tuesday, September 8.

As a result of the ransomware attack, city officials had to delay the start of school, which was a major disruption to the schools, teachers, administrators, parents and students. The attack affected a majority of the city’s servers, and was certainly a distraction from other priorities.

I often hear from information technology professionals in cities and towns that they have other priorities that are perceived as more important than incident response planning, and that they are challenged by the lack of funding prioritized for cybersecurity by city officials.

The planning for the start of school was certainly a priority over the summer, but if an incident response plan is not in place, the timing of a cyber attack can throw all that careful planning right out the window.

What happened to Hartford is happening repeatedly across the country and the attacks are coming faster and with more teeth. City officials may wish to consider making cybersecurity, including appropriate budgeting and implementing an incident response plan, a priority, because it is not a matter of if, but when that ransomware attack will occur.

Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her…

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.