麻豆传媒AV

SASKATOON - Saskatchewan has 296 rural municipalities, but the potential cybersecurity threats they face are endless.

The RM of Silverwood proposed a resolution at last week鈥檚 Saskatchewan Association of Rural Municipalities (SARM) convention to have SARM to inquire into hiring IT personnel to reduce the risk. It passed, but the question of what comes next remains.

鈥淲hether municipalities are going to start to be a bigger target or not, or maybe we鈥檙e small fish out there for these hackers, that I can鈥檛 say for sure,鈥� said Jennalee Buetler, chief administrative officer for the RM of Silverwood.

鈥淭aking precautionary steps and trying to get protocols in place, we just thought would be a good idea.鈥�

The City of Saskatoon鈥檚 loss of $1 million to a fraudster in the summer of 2021 was an example of how easy it can be for criminals to take advantage of weaknesses.

鈥淚t is a big concern,鈥� said SARM president Ray Orb.

The demand for a resolution comes after a calendar year in which SARM was unable to find favourable renewal terms for cyber liability coverage, with higher premiums and less coverage offered by a pre-existing provider. Part of the reason for the high rates is the 搁惭鈥檚 lack of protocols to prevent crime.

Cyber insurance coverage can include expenses for computer and electronic data restoration, e-commerce extortion and crisis management, according to the Insurance Bureau of Canada.

Silverwood is one example of an RM that did not go through with the coverage this year.

鈥淭hey said we are at high risk, because we don鈥檛 have enough internal protocols, IT on staff and education towards all the different kinds of threats. The coverage came back so high and with such large deductibles that it wasn鈥檛 really worth going through with it,鈥� Buetler said.

The staffing problem within RM offices persists. Offices with only a handful of employees can鈥檛 realistically take on cybersecurity issues.

鈥淩M administrators have so many tasks that they have to do, it鈥檚 virtually impossible for them to do them on their own with the way they鈥檙e staffed,鈥� said Colin Warnecke, manager of risk management at SARM.

鈥淚 don鈥檛 know too many organizations where you鈥檙e the accountant, the HR manager, the marketing individual, and the IT individual. Who could handle all of that? They really have to look at having some outside assistance in doing that 鈥� but that comes with a cost.鈥�

The price depends on the solution. Warnecke said right now, a lot of the focus is on educating RMs; SARM currently offers a $25 cyber training program for its members.

He would like RM administrators to implement good controls, preferably with IT professionals, to better protect themselves, including adding multi-factor authentication and backup systems, he said.

Silverwood suggested hiring an IT specialist, but whether one hiring would be a realistic solution to oversee the nearly 300 RMs within the province is debatable.

Brennan Schmidt, a Regina-based cybersecurity expert, said he would advocate for an economies of scale model that would put a consistent set of standards in place, but on a broader scale to save taxpayer money.

鈥淚f you can have a water agreement or a fire truck agreement in place for sharing between municipalities, I think it鈥檚 a really good time to start having the conversation as to what that may look like in the digital age,鈥� Schmidt said, noting that as demand for broadband internet access increases, so do the potential risks.

鈥淚f anything, by advocating for broadband, you are creating a couple problems. No. 1, you鈥檙e getting folks who may not have adopted technology to fast track on the technology track. And No. 2, you have this whole issue of now municipalities are going to have to start keeping pace with the demands that people expect.鈥�

Orb noted that the potential for increased susceptibility with the advancement of internet technology is a concern, but said SARM has been working over the last year with SaskTel and smaller internet service providers, on proper connectivity and cybersecurity.

Schmidt鈥檚 advice for RM taxpayers is to identify the safeguards for data recovery and whether insurance is in place.

Schmidt believes a government standard is required for RMs.

鈥淚f the government can put forth legislation that stipulates that you must have a budget that is released at this time and you can鈥檛 鈥� borrow against money that you don鈥檛 have, etc. I would say they should definitely have some sort of standards in terms of cybersecurity, because if we don鈥檛 have that, I think that it鈥檚 just going to be a disaster for the tax base.鈥�