Websites of Many Kansas Counties May Lack Security Against Hackers: Report

Many Kansas counties’ websites may be at risk as they lack basic protocols that make it easier for hackers to impersonate websites in order to install malware or trick individuals into giving out their personal information.

Out of 105 counties, only eight of them have websites ending in .gov, a domain extension only government officials can control, and 60 counties’ URLs start with “http” rather than the more secure “https.” Experts say it could be a serious concern for smaller governments during a time of increasing cyberattacks, KCUR-FM reported.

Local governments have in recent years become frequent targets of ransomware attacks, where hackers hold data hostage in exchange for money.

“The increased risk of ransomware attacks has led more local governments to purchase cyber security insurance,” said Tad McGalliard, director of research at the International City/County Management Association.

Election tampering is a main concern. The Kansas Secretary of State’s office is providing counties with dedicated computers and iPads so voter registration systems don’t interface with the rest of a county’s IT system.

“The best way we can ensure that voter data is protected and not compromised is by providing local election officials with these devices,” said office spokeswoman Katie Koupal.

One of the state’s largest and most prosperous local governments, Johnson County, doesn’t have a .gov domain but has bought out a few similar domain names to prevent impersonation. It also pays for a registry lock, which helps prevent its domain from being stolen.

“In the security world, you always want to have layered security,” said Chief Information Officer Bill Nixon. “You don’t want to have just one control, one key to the door.”