City of Portland Breach Shows How Harmful Cyber Attacks Can Be

Portland, Oregon is home to nearly 2.2 million residents in its metro area alone, is considered the country's #1 most bike-friendly city, and last month, the City of Portland discovered that it had been rocked by a massive data breach. An attempt was made at making a fraudulent transaction on May 17th to one of the city's accounts; this highlighted to city officials that this same account had been hit one month earlier, in April 2022, when a fraudulent transaction was successfully made using city funds totaling $1.4 million.

Malicious actors online have many ways that they manage to breach their victims' systems. In this particular case, it appears that the hackers gained access to the city of Portland's systems by covertly accessing an email account for the city. Officials for the city wrote, “This incident demonstrates the growing threat of cyberattacks against individuals, businesses and communities worldwide. At the City of Portland, we have invested in technology and established policies to minimize that threat." To add to this, public information officer, Carrie Belding, said, "The city is taking action to hold accountable whoever is responsible for this fraudulent activity. City officials will work closely with law enforcement, in addition to completing the internal investigation and taking any immediate actions identified to strengthen security."

The cost of a data breach varies from attack to attack; in this breach, the city lost $1.4 million in stolen money but it is likely costing them even more than that in researching how this happened and who carried it out, along with any costs associated with getting back to work. Whether $400 or $1.4 million, a data breach is costly when it hits your business. This is why the best approach to dealing with a breach is doing all you can to prevent one, rather than the expensive task of responding to one.

How to Help Prevent a Data Breach

1. Use unique, complex passwords - This cybersecurity step should be the base strategy used by all individuals and companies alike in order to set a strong foundation of cyber-secureness. Using unique passwords for each login and making them hard to guess helps to make it so that if an individual gained access to one set of login credentials in a separate breach that they don't have the login information for all of your accounts.
2. Limit access to necessary-only - Make access to any sensitive information a need-to-know basis. This means that employees only have the authority to access information that is relevant to them and their work so that in the event of a breach impacting one employee's account, it does not give a hacker an open door to the entirety of the business' operations.
3. Only work with trusted companies - When enacting a strong cyber defense system for your own company, it is crucial that you only work with other third-party companies that do the same. If the company will have access to any of your crucial systems or vital data, they need to have just as strong cyber defenses as you have otherwise you are leaving a huge gap in your cybersecurity blockades.
4. Keep devices and systems up-to-date - Hackers are often able to gain access to company's systems by taking advantage of outdated systems or devices that are not up to date. This is yet another simple, usually free, step that can be taken to help prevent against data breaches.

Malicious actors online are constantly evolving their approaches to try and breach the networks of various entities. Follow these tips and contact your local cybersecurity professionals in order to be even better protected from such an attack.

Image from portlandoregon.gov.