San Mateo County Grand Jury • 2019-2020

Follow-up on Responses to the 2019-2020 San Mateo County Civil Grand Jury Ransomware

5 pages

View Original PDF

⚠️ Translation Notice: This content has been automatically translated. The original English text is the official version. Translation may contain errors.

⚠️ Este contenido ha sido traducido automáticamente. El texto original en inglés es la versión oficial. La traducción puede contener errores.

Recommendations 2

R1

Each of the governmental entities in San Mateo County with an IT department or IT function (whether in-house, handled by another government unit or outsourced to a private enterprise) as listed in Appendix F, should by November 30, 2020, make a request for a report from their IT organization that addresses the concerns identified in the report, specifically: 1. System Security (Firewalls, Anti-malware/Antivirus software, use of subnets, strong password policies, updating/patching regularly) 2. Backup & Recovery (In the event of an attack, can you shut down your system quickly? What is being backed up, how it is being backed up, when are backups run, and where are the backups being stored? Have backups been tested? Can you fully restore a Server from a backup?) 3. Prevention (turning on email filtering, setting up message rules to warn users, providing employee training on phishing and providing a reporting system to flag suspect content)
R2

These confidential internal reports should be provided to the governing body by June 30, 2021. This report should describe what actions have already been taken and which will be given timely consideration for future enhancements to the existing cybersecurity plan. . APPLICABLE RESPONDING AGENCY FOLLOW-UP RESPONSES RECOMMENDATION City of Atherton R2 Implemented. City of Belmont R1 Implemented.

No Responses Found 1

Government entities assigned to respond to this report. No response documents have been linked in our database.

San Mateo County Board of Supervisors Elected County Office