Cybersecurity Best Practices for Local Agencies

By Kristin Withrow posted 5 days ago


computer with lock
By: Jennifer Saha, CEO, Technology Industry Association of California


Summer is nearing, and the Golden State is continuing to relax COVID-19 restrictions. In time, Californians will begin an exodus out of their homes and into campgrounds and state parks, enjoying the state’s natural wonders with a renewed appreciation.


But with such a transition period, there may be bad actors waiting to take advantage of unsuspecting Californians aiming to put 2020 behind them. Cybersecurity must become a greater priority to keep up with an influx of online transactions and exposure to new networks.


Agencies and constituents should take steps to learn more about threats, including finding resources to guide them toward safer cyber practices. 


These actions alone are no substitute for consulting a trained professional who can help you navigate a specific scenario. Here are three ways to mitigate cybersecurity risks this summer:


Be Wary of Pineapple Devices


As COVID-19 restrictions continue to lift this summer, campers, vacationers, and just about anyone on the move will be accessing new Wi-Fi networks for the first time. However, not all these Wi-Fi networks are what they claim to be. 


Enter the Wi-Fi pineapple. First released by tech company Hak5 in 2008, the Wi-Fi pineapple was designed to allow “penetration testers” to attack public Wi-Fi networks and expose security risks for the benefit of the companies that hired them. But given the mass availability, low cost, and easy-to-use interface of the Wi-Fi pineapples, independent hackers are buying the devices and using them to impersonate a Wi-Fi network to obtain someone’s personal information or data illegally. 


How do you protect yourself from attackers using Wi-Fi pineapples? The first step is to carefully vet all public Wi-Fi networks, as well as your own. Only use them when necessary or if a device has been verified. If you do end up using a public Wi-Fi network, consider accessing them using a virtual private network, better known as a VPN. A VPN will encrypt your data so that any virtual onlookers are unable to extract valuable information. Finally, after using a public Wi-Fi network, make sure your device “forgets” the network so that it doesn’t connect automatically the next time you are in range of its signal.


Stay Vigilant Against Email Phishing

Every day, our email and text inboxes are flooded with coupons, promotions, payment requests or confirmations. Most are legitimate, but plenty of others are sent by scammers that impersonate real, reputable companies to obtain personal information such as passwords, credit card numbers, or even social security numbers. It’s called phishing, and there are several ways to avoid falling victim to a scam.


One of the first steps to avoid being tricked by a phishing attack is to prevent phishing emails or texts from reaching your inbox. That means updating security software on your computer as well as setting your phone’s software to update automatically. 


If a phishing email does reach your inbox, you can recognize a scam by hovering your mouse over any links. If the promotion is a scam, the links that appear over your cursor will not match the content of the email. Additionally, trust your suspicions when you receive an unexpected invoice and keep in mind that your bank will never ask you to access your account via a text message.


Monitor Transactions, Standardize and Backup Your Data Systems

Public-facing digital services, such as an online campground reservation system, increase cybersecurity risks for both customers and agencies.  A system with large volumes of activity will be more attractive for hackers. Consumers should always use a designated credit card (not a debit card) and monitor it with guidelines from the Federal Trade Commission (FTC) to avoid fraudulent charges and identity theft.  


Agencies with IT systems that contain data, either personal or financial, should take every precaution to keep it secure and reliably accessible.  The best way to keep data safe and easy to access is by standardizing and backing up your department’s IT systems. 


A strong backup and recovery system can help protect against ransomware, which attackers use to prey upon victims by encrypting their data and charging a hefty ransom to decode the information. 


There are numerous reputable products and services to help protect against threats.  Investing both time and resources into cybersecurity will benefit not just agencies but also those they serve.