It was a quiet Friday the week before Christmas when a series of e-mails from people I don't normally hear from popped into my inbox. Most asked if I had meant to send them a file to review. My heart sank as I realized my e-mail account had been hacked (or “speared”)—some jerk somewhere in the world had gotten my e-mail login and password and was sending virus-laden messages had been sent to my contacts. The hacker had even changed the rules in my e-mail account to delete the outgoing messages and replies so I wouldn't know anything was amiss. I felt like a victim, but the information technology (IT) folks at AWWA seemed nonplussed. “Happens all the time,” they said. Regardless, I spent the the next few days sending apology messages to those who were affected, and if you got the phishing message from me, again, I am truly sorry. So this is the world we live in. I don't think anything more than pride and trust were damaged in my case, but it could have been much worse. Consider then the constant vigilance that water system managers must keep. As described in AWWA's 2018 report Cybersecurity Risk & Responsibility in the Water Sector, this includes attacks such as using ransomware, tampering with industrial control systems, manipulating valve and flow operations and chemical treatment formulations, and employing other efforts to disrupt and potentially destroy operations. A cybersecurity attack on critical water sector operations could harm public health and safety, threaten national security, and result in costly recovery and remediation efforts Besides direct attacks causing contamination or outages, other attacks could include theft or destruction of sensitive personal information from employees or customers. Thankfully there is an abundance of guidance, and topic experts at AWWA have developed resources for the water industry. Cybersecurity requires a commitment to action as part of an all-hazards risk management strategy as recommended in AWWA G430-14 Security Practices for Operations and Management. In addition, the AWWA Cybersecurity Guidance & Use-Case Tool provides guidance and specific actions for system managers and operators (www.awwa.org/cybersecurity). Besides these resources, there will be plenty of security-related discussions at the Utility Management Conference in March 2019 in Nashville, Tenn. As much as we must work to prevent the worst from happening, we must still prepare for the worst as if it were inevitable. For my part, I chose an updated password that reminds me of my stumble every time I log in. And while most of us don't face threats to process control systems, it is everyone's responsibility to stay aware of potential threats and try to prevent attacks whenever possible. At a minimum, don't click on or open anything that is unfamiliar, questionable, or even suspicious. Verify that your anti-virus software is updated regularly and that your system has the latest security patches, and regularly change your passwords. This month's issue of Journal AWWA focuses on water-smart cities. Feature articles highlight new ways to collect and use data for water loss control, operations strategies, and energy use. Please submit your practical perspectives for publication in Journal AWWA and consider AWWA Water Science for publication of your peer-reviewed original research.