State and local technology experts met in Raleigh on Friday to talk about how government agencies can keep data safe.

Cyberattacks against state and local governments are on the rise, with agencies often seen as an easier target than businesses:

“If you think about all the services that a government entity provides to its citizens, the impact is immeasurable,” said Maria Thompson, chief risk officer in the state Department of Information Technology.

In an average month, Thompson said, state computer systems are hit with 12 million malicious events. Organized crime rings around the world are making money by stealing personal information off computers, she said.

“They’ve monetized this,” she said. “They’re always on, trying to penetrate our environments, trying to get access to our data.”

At a meeting in Raleigh, government IT workers played the other side, solving hacking challenges to learn the latest tricks hackers are using to get into secure systems.

Still, the weakest link in cybersecurity is the human user, Thompson said.

“Practice hygiene – cyber hygiene,” she said.

Thompson says the best steps users can take are actually the simplest ones. Don’t download apps without checking them out. Don’t click on links or attachments in emails. Quit putting off those system updates.

“Do your research,” she said. “When you’re updating your servers or your workstations, remember to make sure that you’re doing it on a timely basis. Use that windows update. Download those files. Upgrade your system. Make sure your anti—virus is in place.”

In August, a state Department of Transportation worker, fooled by a bogus invoice, wired $35,000 to hackers. Thompson and her team got the money back, but she said that serves as a reminder to everyone – if you get a bill or invoice you aren’t expecting, even if it looks legitimate, double-check it before you give out any of your banking or credit information.