SAN ANTONIO – Six months ago, cybercriminals attacked local government agencies in 23 Texas cities. The statewide attack brought the Lone Star State to the front and center of the discussion about cybercrime.
“Municipalities are always a target because we have very complex systems, broad responsibilities. Here in San Antonio, we have more than 40 departments and city services, almost 13,000 employees,” said City of San Antonio IT Director and Chief Information Officer Craig Hopkins.
Hopkins said he consistently prioritizes cybersecurity for those reasons and instead of training employees once a year, he sends out information once a month.
“Up to 95% of the incidents we have are usually driven by human error,” he said.
Hopkins teaches city employees about the main types of cyberattacks. He said “phishing” is the most common.
“Phishing basically says, ‘I want you to click on a link, and I want you to give up some information that you may not normally give. I can take over one account, and then I can impersonate you inside of your organization and move horizontally,’” Hopkins said.
He then explained a concept called “whaling.”
“Think of that as a big fish. People of a certain title, city manager, the chief financial officer -- targeting them because if you can impersonate them, you can create influence over other people, so financial scams tend to come out,” Hopkins said.
Hopkins also warned about physical security, which can include people looking over your shoulder at confidential information, people calling your phone pretending to be someone else or people piggybacking into facilities where employees use an access card.
He said he could not go into specific technicalities of the city’s protective system, but he said all businesses should be taking preventive measures, especially agencies or companies with outdated systems.