For several months, PACIF and VLCT have been providing cyber-related information to members and encouraging them to take steps to upgrade their computer systems and networks. This is for good reason: public entities have, unfortunately, become profitable targets for cyber criminals.
While it is critically important to make sure that municipal computer hardware, software, backups, and operations conform to best practices as much as possible, national data confirms that employees continue to be a major source of data breaches and ransomware events because they click on links in phishing and bogus emails or fall for social engineering schemes which result in wire transfer fraud.
Cyber experts recommend that employees receive regular training on phishing and other cyber risks to reduce the possibility that they will inadvertently start the chain of events that leads to a data breach, ransomware/extortion event, etc. To help PACIF members reduce their cyber risk, the PACIF Board of Directors has authorized funding of KnowBe4 services for PACIF members in 2022.
KnowBe4 is an integrated platform that provides online security awareness training and simulated phishing attacks. Although the final details of the program are being finalized, the expectation is that members would have the ability to make a discounted purchase of the “Diamond level” service, which provides short & fun monthly trainings that remind email users how to be on the lookout for phishing and spear-phishing attempts. Members with more than 100 email users would be eligible to purchase the optional Phish ER service. This sends bogus emails to users and notifies the member about which users click on the decoy links, so that additional training can be provided. The purchase of these services would then be reimbursed by PACIF.
More details about this new program will be sent to members when program details are finalized.