Article Read Time
Many people are excited about Artificial Intelligence, while others fear it. Both perspectives are valid!
A county clerk in western Kentucky asked me a quiet question last month. Was it safe to open the email attachments her vendor sent her every week? She was not being foolish. A neighboring county had just been locked out of its own records for eleven days. No one had ever sat down and explained, in plain words, what she should do on a Tuesday morning.
That is why I am writing this. The headlines are built to scare you. The vendor pitches are built to overwhelm you. Neither will keep your office or your business safe. What will keep you safe is a clear head and a short list of habits.
Let me start with what is new. Artificial intelligence, often called AI, is computer software that can write, speak, and even copy a person’s voice. Criminals are using it. A phishing email five years ago often had bad grammar and a fake-looking logo. Today, the same crooks can write a clean email, copy your accountant’s voice from a 30-second clip on LinkedIn, and put together a short video call that looks real for a critical minute.
I have seen this happen. A family-owned contractor wired more than $300,000 to a scammer who posed as their supplier. A school superintendent got a voicemail in her own voice asking staff to move money. These are not Hollywood hacks. They are cheap services sold on the same black-market sites that once sold stolen credit cards.
Here is the part that should give you hope. Most break-ins still start the same way they did 20 years ago. A stolen password. A piece of software that was never updated. A staff member who clicked something they should not have. Artificial intelligence has made the bait look better. The hook is the same. That means the basics still work. They are just no longer optional.
For a small business or a county office, four habits do most of the work.
First, turn on multifactor authentication (MFA), which means a second login step beyond a password, on every account that touches email, banking, or citizen records. A stolen password alone should never be enough to get in.
Second, keep your software up to date. Those update reminders are not busywork. They close doors that crooks are already walking through.
Third, back up your important files to a place that is not connected to your main network. Then test the backup. Try to bring a file back from it. Practice now, not during a crisis. Ransomware, a type of attack that locks your files until you pay, is something you can recover from if you have practiced. It can close your doors if you have not.
Fourth, set a simple rule for any request that involves money or sensitive data. If it comes by email, text, or voice, confirm it through a second channel before you act. A 30-second phone call to a known number would have stopped most of the wire fraud cases I have reviewed over the past year.
Now, to artificial intelligence inside your own office. The temptation is to try free tools without thinking about where the data goes. When a town planner pastes a draft memo into a free AI chatbot, that text may be stored or used to train a model owned by a company you have no contract with. When a small accounting firm uploads client files to a new artificial intelligence helper, the fine print may allow uses that your clients never agreed to.
I am not saying avoid these tools. I am saying ask three questions first. Where is the data stored? Who can see it? Does using this tool break any promises we have already made to our customers, residents, or regulators? If the vendor cannot answer in plain English, you have your answer.
Local governments carry one extra duty. A private business can pass losses to insurance and move on. A town cannot. A breach in your permitting system can shake public trust for years. I have long argued that cyber security is a line item of civic infrastructure, no less important than road salt or water treatment. Every county and every town, regardless of size, should have one named person in charge of information security, a written incident response plan, and an annual tabletop drill in which staff walk through a simulated attack. None of this requires a six-figure consultant. It requires attention.
The good news, and I want to end here, is that small organizations have advantages that large ones envy. You move faster. Your staff know one another. One good training session can reach everyone. A mayor can call the sheriff directly. Used well, that closeness is a security feature.
The risks are real. They are not magic. Fear is the favorite tool of both the criminals who run these scams and the vendors who sell against them. At Commonwealth Sentinel, we do not see ourselves as a vendor. We see ourselves as a partner in keeping you safe. We will keep writing about what changes. What stays the same is worth repeating. Lock the doors. Know your neighbors. Verify before you wire.
Talk to Commonwealth Sentinel about proactive detection, visibility, and resilience, before ransomware announces itself. To learn more about how we can help protect your organization, call Commonwealth Sentinel today. Contact us at (502) 234-5554