As this blog is being written, the U.S. has reinstated all government services that were impacted by a shutdown that lasted about four weeks. Another shutdown is looming, if Congress and the President cannot get together on new border security legislation.

In these situations news coverage typically focuses on which agencies are closed and the financial struggles of furloughed workers. However, there is another concern that is equally significant – the increased threat of a security breach.

During the January shutdown, the federal government’s Cybersecurity and Infrastructure Security Agency did not have the services of 1,500 of its 3,500 employees. It’s impossible to quantify the exact impact of that shortfall, but it is certainly possible that software security patches were not always updated as needed. And once the shutdown ended, there was likely a backlog of tasks that will also be delayed.

We already know from daily headlines that Russia (and probably China and Iran) is trying to infiltrate government websites. What better time to go after classified information than when our defenses are down? And the longer the shutdown, the bigger the risk.

Another online issue relates to the suspension of some online activities.

For instance, the manufacturing.gov site was unavailable during the shutdown. That may seem like more of an inconvenience than a security threat. But it’s also an invitation for malicious IT experts to set up a fake manufacturing.gov site and mine the personal information of unsuspecting visitors. If someone visits the fake site and enters a password, the hacker will gain access to their personal information.

Official government sites all have security certificates, of course. But if they expire because of a shutdown or through sheer negligence, it presents an opportunity for cyber-criminals just waiting to be exploited.

Assessing the extent of the risk during a shutdown is complicated, as the Department of Homeland Security’s Cyber Division will not publicly comment on their status or about which IT workers are at their posts.

While it’s important that everyone be vigilant online, some extra care to stay safe is recommended in these situations.

Ransomware is another ongoing threat, especially at government and public sector websites. 360Civic is proud to announce the publication of Ransomware and Municipal Websites: A Prevention and Protection Strategy, a white paper that explains what ransomware is, how it works, and why it so frequently targets websites connected to state and local government.

The document is available for free on our website.

Ron Zayas

CEO

Ron Zayas is an online privacy expert, speaker, author, and CEO of 360Civic, a provider of online protection to law enforcement, judicial officers, and social workers. For more insight into onli... Read more

Why Your Online Privacy Will Always Be Our Top Priority
The Onerep Betrayal: And Why Your Privacy Will Always Be Our Top Priority
Earlier this month, it was revealed that an alleged privacy protection provider called Onerep was playing fast and loose with the personal information of its clients.
Read More
""
It’s Not Too Late To Restore Your Online Privacy
There’s an old saying that you can’t put toothpaste back in the tube. It simply means that some actions, once taken, can't be undone.
Read More
""
America is Number One!... in Ransomware Attacks
Data breaches and ransomware attacks are a global threat – but a recent report revealed that American organizations are a favorite target.
Read More

Stay up to date with online privacy best practices and news

Signup for our free IronWall360 newsletter