Common Cybersecurity Threats and What to Do About Them

Common Cybersecurity Threats and What to do About Them
Posted on 10/04/2017
CivicLive Blog - Common Cybersecurity Threats and What to Do About Them

Cybersecurity has become a hot-button issue as of late, with October being National Cyber Security Awareness Month in the United States. When the 2016 US presidential campaign ended cybersecurity stood out as one of the core issues of the campaign. Last year the Pew Research Institute conducted a survey of 1,040 Americans to determine their habits and opinions regarding cybersecurity. The survey determined that 28% of Americans lack confidence in the federal government’s ability to keep their personal information safe and secure from outside forces. In 2016 alone, the US Federal government reported that it experienced more than 39,000 cyber incidents with sixteen major breaches that included compromised data. More recently, we have seen breaches into companies like Amazon and Netflix; and even the Office of the Comptroller of Currency (a U.S. Federal regulator) had more than 10,000 records removed from their servers. Unfortunately, hacks and breaches are becoming increasingly common. With all of this in mind, it’s more important than ever to prepare your government website’s security against such malicious attacks, in order to do this properly you need to know and understand the types of cyberattacks out there.

Types of Cyberattacks

  • Trojans. The Trojan attack gets its namesake from the Greeks who concealed themselves in a giant wooden horse in order to sneak into the city of Troy. The Trojan Horse cyberattack operates much in the same way. A website tells an end-user they need to run a fake antivirus scan, or to open a certain file in order to receive access to the desired webpage. In reality, the “scan” results in the user allowing malware to hijack the browser or operating system.
  • Software breaches. We all do it, we get a notification telling us an update is waiting to install. What do we do? We hit the exit button and move on with our day. Unfortunately, by not keeping up with security patches, you run the risk of hackers using a vulnerability in commonly used software to gain access to your systems. Make sure your users are always running the latest version of programs, and don’t ignore security updates!
  • Phishing. Nobody likes spam (both the canned and email varieties). Spam emails will attempt to get users to click through to dangerous links. Often, spam emails will appear to come from an organization’s IT department, with some made-up story usually revolving around clicking on a link and logging in. When a user logs in to the fake link, hackers now have copies of the login information for that user. Education on what is or isn’t spam is the easiest way to combat phishing.
  • DoS and DDoS attacks. Both attacks focus on disrupting service to your site or network by sending large amounts of traffic through that network to attempt to create bottlenecks. Hackers will use multiple computers slaved together to create “botnets” that will repeatedly attempt to connect to a network thousands of times each minute to eventually bring it down. DDoS, DoS and BotNet attacks are rarer and harder to coordinate, so it is unlikely that most municipalities will experience one, but it’s better to be prepared than be sorry. Vigilant monitoring and off-site content hosting are some ways in which you can defend yourself.

What Can You Do?

The truth is, you can actually accomplish a lot without having to invest large amounts of time or money. The following are a few things you can do to help manage the risk of cyberattacks.

Harden Your Computers

Castles built moats, gullies and large stone walls to help keep attackers at bay. Cyber-defense is no different! Here are a few things you can do to make sure that your computer systems are “hardened”:

  • Passwords. Ensure that users are using unique passwords that are changed regularly (every 90 or 180 days as an example).
  • System Updates. Ensure that all computers are running the latest (stable) versions of their respective operating system, with accompanying security patches.
  • Antivirus. Antivirus and antimalware programs are the archers standing on the walls of your metaphorical castle. Enterprise antivirus software will ensure you have some protection against Trojans, worms and other virus and malware attacks.

Invest in Good Cyber-Hygiene and Training

Ensuring that your employees practice good cyber-hygiene is critical. The following are some things you should teach your employees and administrators to ensure good cyber hygiene:

  • Use secured versus unsecured computer systems. We all have personal cell phones and computers, and some of us may even have work email or information on these devices. It is almost impossible for IT and security staff to monitor and protect these devices. Controlling what devices connect to your networks, or what devices have access to work related materials can go a long way in limiting unwanted access to sensitive information. Try to limit offsite access to work systems as much as possible.
  • Know common protections for various security threats. We all don’t need to be experts in cybersecurity, but we should all have a basic understanding of cybersecurity so we can identify threats and defend systems against them. Ensuring that your employees are not clicking on suspicious links, or leaving their devices unsecured can make headway in the fight against hacking.
  • Develop a cybersecurity/risk management strategy. Similar to how we may plan policing resources, municipalities need to make sure they have strategies for cyber defense as well. Having a risk management policy that clearly outlines what to do in the event of a breach.

Partner with a Reliable Offsite Hosting Partner

Consider hosting your data off-site, with a dedicated hosting provider. Data centers are divided by tiers, with one being the lowest and four being the highest. Seeking out a provider that can offer tier four hosting can go a long way. Tier-four hosting centres, such those we employ at CivicLive, are designed to host the most sensitive or mission-critical information. Tier four centres are unbelievably secure; often featuring on-site security teams, video surveillance, and even finger print recognition.

Learn More About Web Security Options Utilized by West’s CivicLive solutions

Website by Civiclive. © 2024 Civiclive. All rights reserved.

We've updated our Privacy Statement to reflect the new requirements under the EU General Data Protection Regulation (GDPR) coming into effect on October 2, 2023. By continuing to use our site, you agree that you understand these policies.