A few clear lessons emerge for local government leaders:

1. Be prepared for an attack. Regardless of your size (Key Biscayne or Atlanta), expect to be hit with an infection that will take your computers offline.

• Ensure you have offline daily backups of data and applications.

• Ensure you have the technical ability to detect, contain, and respond to a future attack.

• Rehearse your incident response (IR) plan. Know in advance what steps the organization should take, who they will contact, and who can provide help.

• Consider a cloud first strategy and workstation virtualization that allow immediate refresh.

2. Perform a security assessment to gauge the organization’s ability to detect, respond, and recover. Leadership should expect the IT organization to report on their preparedness or a cyber crisis just as they expect first responders to have an assessment for an active shooter situation.

3. Conduct awareness training and phishing simulations for all employees on spotting malicious emails and phishing attacks. The attack methods look very realistic. Employees need to practice identifying and need to know what action to take.

4. Review your cybersecurity insurance coverage. Much of the initial ransom cost could be covered with the right insurance policy, however, understand that an insurance policy alone will not protect services; it will only help the government recoup some of the cost.