That One Click Can Set You Back 10 Years

Ben Brown, NCLM Communications & Multimedia Strategist

NCLM training ups cities’ cyber defenses, awareness.

It was March 18, a little after 8:30 p.m., when Shelby Police Chief Jeff Ledford got the call that turned everything upside down.

On the other end of the line was the city’s 911 communications director. “We’ve got a problem,” he told Ledford.

The problem, Ledford learned in general terms, was that some form of malware—a software created with the intention of doing harm—had hit computers there. Ledford was told it had their systems “kind of crippled,” so he went back to work to have a look.

“When I walked in, that’s when it started to hit me that this is bigger than just a small malware attack,” Ledford said.

Every computer was down. The 911 screens and telephone systems, all down. Ledford walked into his office at police headquarters to think, pulled his computer up, and realized it was everywhere.

“This attack had impacted our entire city,” he said. Cell phones, email, even the ability to look up how many unused vacation days an employee had—everything was frozen under a ruthless cyber attack. “We technically did not know who worked for the city,” the chief said. “We were completely blind in every facet of the city.”

What happened to the City of Shelby—which forced Ledford and other city leaders to totally and painfully change how they performed essential business while they worked to rebuild digital access—is, unfortunately, not an extreme-end example of what consumers, businesses, and governments are up against in their increasing reliance on connected computers and internet processes.

Shelby Police Chief Jeff Ledford discussing the RYUK ransomware attack his city experienced this year. Photo Credit: Ben Brown.

That’s why the League has amped up its role in helping municipalities create the best possible defenses against cyber crime. Lately, it’s connected with cities and towns across the state through its Cybersecurity for Municipal Officials Virtual Workshop training, which examines common threats and mitigation strategies.

The League has made this training, led by League experts including Risk Control Consultant Matt Reid, free to NCLM insurance pool members. Non-pool members can participate for $45, which is almost immediately recouped by the defenses and strategies learned toward averting what can be a disturbingly expensive crisis.

The fallout costs are growing, too. The damage toll of global cybercrime has mushroomed into a projection of $6 trillion by 2021, up from the $3 trillion of 2015, according to Cybersecurity Ventures, a firm that keeps tabs. Their experts say it represents more money than does the trade of all major illegal drugs combined. And it can be a massive problem for the business and governmental worlds that so often connect on efforts to innovate and incentivize—and can’t if their systems are seized.

“We were at ground zero,” Chief Ledford said of Shelby’s situation.

Ledford warns against the common mindset that cybercriminals only care to target big cities or agencies with sizable coffers. The truth is these internet crooks are happy to take advantage wherever vulnerability exists, and individual towns around the country have been shaken for hundreds of thousands of dollars or more in ransom or rebuilding work each time. New Orleans’ recovery from a cyber attack cost the city beyond $7 million.

Past editions of Southern City have covered some of the more common vulnerabilities, which are expanded upon in the League’s training courses. But they bear repeating, particularly what’s often the first failure in defense: human behavior.

Cybercriminals often apply social engineering to get people like city hall employees to break from normal security protocol and best practices in order to gain access to things of value, whether they seek to take a computer system ransom or help themselves to sensitive data, like passwords, credit card numbers, or bank info. Employees need to be aware of these efforts, as attackers are increasingly relying on psychology and behavioral knowhow to trick unsuspecting people into providing money or data or clicking bogus links that let viruses through.

“That one click can set you back 10 years,” said Ledford, whose agency had to revisit the days of pen and paper for every step of office work that had required computers and connections.

“Spear phishing” is the term for when a cybercriminal selects a specific victim (such as a city hall employee who has access to what the criminal wants), makes a fraudulent request that appears credible to that person (often by impersonating a supervisor or other legitimate authority), and is successful in getting that unsuspecting employee to act on that request. That’s the slickest type of phishing scam and accounts for more than 90 percent of the attacks. Again, costly.

Ransomware is brutal when it happens. It’s a type of malware that the criminal uses to lock a victim out of his or her own computer files or accounts. It can apply to entire city governments. Ransomware typically spreads through phishing emails. Outdated applications and operating systems are the target of most attacks.


The League’s virtual training sessions go deeper into the topic of attacks, vulnerabilities and how to stay safe. You can access this training at

It’s important that cities and towns go through this training. In the time it took you to read this article, multiple individuals, businesses and government agencies have been attacked. According to a study out of the University of Maryland, an attack happens somewhere every 39 seconds.