This article is posted with permission from VC3's blog and shares non-technical, municipal-relevant insights about critical technology issues, focusing on how technology reduces costs, helps better serve citizens, and lessens cybersecurity risks. VC3 is solely responsible for the article’s content.
This article originally appeared on Sophicity's CitySmart blog.
Do you think about hackers in an outdated way? For example, you might imagine lesser hackers as extremely intelligent yet rebellious teenagers in their basement trying to hack into someone’s servers or computers. And you might imagine more experienced hackers as part of international organizations that make concerted attacks on high-profile targets such as the United States government.
In reality, hacking has evolved like most information technology. It might surprise you to know that modern hacking is largely automated. That means hackers are using software to probe thousands and thousands of computers in order to look for weak spots. And once they find a weak spot, they attempt to break in.
That’s why your city is a target. You might think, “Why would some hacker target my small city?” They’re not. They’re scanning thousands of targets. Eventually, that scanning will find you—detecting your weak spot and exploiting it.
Many incidents on the news discussing the aftermath of hackers attacking smaller, lesser known cities show that’s the case.
So, how do you avoid becoming a target? Here are five key areas where you may be leaving yourself open to hackers.
1. Human Error
We have to begin here because even the best security can’t prevent a human being accidentally giving a hacker access to a city’s information. How does that happen? Many people still get fooled by malicious email attachments, websites, and online software. Even “fun” things like online games and social media quizzes can contain viruses, malware, and spyware. You need to train employees about malicious online content and regularly review tips and advice with them. The easiest way for a hacker to get in is when someone lets them in the door.
2. Weak Passwords
SplashData got a lot of press recently when they published the most common weak passwords in 2015. Many, many people still use horrible passwords such as “123456” and “password,” and then wonder why they got hacked. Remember, hackers are using automated software to look for holes. That automated software includes easy tools to guess common and weak passwords that are easy to crack. You need long, strong passwords with a mix of letters, numbers, and special characters to help secure yourself.
3. Unsecured Wireless Access Points
You ever go to a coffee shop or public place and look for wireless access on your laptop? You probably notice some of the connections are secured and you need a password to access them. But some are “open” and you can hop on without a password. While open access points make it easy to get Internet access, they are incredibly dangerous if they’re set up that way at your city. Make sure every one of your wireless access points is secured—meaning the data is encrypted and access requires a password. Otherwise, you’ve left open another door for hackers.
4. A Firewall with Holes
Think of a firewall like you’re going into a secure government building like the White House. Guards at the gates will rigorously check each and every person who enters and who leaves to make sure that no threatening or suspicious people cause any harm to the President and his staff. We shudder to think what would happen if the White House lacked that security. Now, think of your firewall like White House security. If your firewall is improperly configured (or even non-existent), that means any hacker can enter in through a "gate." Your IT staff or vendor can make sure your firewall is set up so that it’s inspecting all suspicious cyber-intruders and preventing them from entering.
5. Gaps in Your Operating System and Internet Browsers
An operating system such as Windows often delivers up a series of updates and patches every week or two. Similarly, Internet browsers such as Internet Explorer regularly update the software that allows you to access the Internet. If these updates and patches are not installed, you increase the risk of hackers exploiting known security gaps that companies work so hard to find and protect you from. Make sure your IT staff or vendor regularly applies updates and patches to your operating systems, Internet browsers, and any other software.
Your goal? Preventing hackers from attacking your city is similar to physical security. Make sure you don’t let suspicious users inside, and make sure you monitor and inspect the information going in and out. While there is always a chance of a hacker finding a way in, shoring up the security behind these five items will go a long way toward helping you fend off hackers.