October is National Cyber Security Awareness Month. This campaign, sponsored by the Department of Homeland Security, aims to help everyone stay safer and more secure online. The theme for 2016 is that cybersecurity is everyone’s responsibility. Whatcom County government, as custodian for key public data and systems critical to our community, is embracing this campaign as an opportunity to educate ourselves and our employees along with our community to apply stronger measures to safeguard public data and systems.
The stakes are higher than ever for keeping key Whatcom County government technology systems up and running. The county launched its new website in 2015, and new content and features are added every day. Many services that required a trip to the county courthouse are available online. Citizens can apply for marriage licenses and jobs, search real property records, register to vote, access County Council documents and live-stream council meetings, reserve park facilities, pay court fines, buy Lummi ferry tickets, sign up for notifications about areas of special interest and find ready access to an ever-growing array of public records.
We are making our behind-the-scenes systems more secure by updating network firewalls and implementing new networking tools to better detect and respond to problems.
Cyber threat activity continues to increase in workplaces and at home. Information on computers can be stolen, altered, accessed and even held for ransom. More than one-third of U.S. consumers have experienced a computer virus, hacking incident or other cyberthreat this past year.
Sign Up and Save
Get six months of free digital access to The Bellingham Herald
FBI Director James Comey testified before Congress last week and said “the pervasiveness of the cyberthreat is such that the FBI and other intelligence, military, homeland security, and law enforcement agencies across the government view cybersecurity and cyberattacks as a top priority.”
According to the FBI, the most prolific cyberthreats include:
Ransomware – a type of malware that infects computers and restricts user access to their files or threatens the permanent destruction of their information unless a ransom is paid. In addition to individual users, ransomware has infected schools, hospitals and police departments.
Business email compromise – a type of payment fraud that involves the compromise of legitimate business email accounts for the purpose of conducting unauthorized wire transfers. These scams have caused estimated losses of more than $3 billion worldwide.
Intellectual property theft – involves robbing individuals or companies of their ideas and inventions following an unauthorized intrusion into private computers and networks.
At Whatcom County, we are taking a number of steps to prevent or minimize the impacts of potential threats. First, we are making our behind-the-scenes systems more secure by updating network firewalls and implementing new networking tools to better detect and respond to problems. Second, we are partnering with national cybersecurity organizations for access to the latest resources and intelligence. Third, and perhaps most important, we are promoting safe computing practices within our organization. These simple practices also make sense to follow at home:
Be wary of all emails with attachments.
Intrusive software can get into computers through attachments, especially ones with certain file extensions (.exe, .vbs, .bat …). Even if you know the sender, make sure an attachment makes sense before you open it. A sender with bad intentions can forge addresses to mislead you. If you are unsure about an email or an attachment, simply call your friend or contact to check.
Be wary of links.
Intrusive software can also gain access to your computer from clicking on a link within an email or from a website that unknowingly takes you to a malicious website. If a link looks suspicious, even if you know the sender of the email, it is best not to click on it.
Protect personal information.
Be wary of requests for personal information as “verification.” Do not send account numbers, Social Security numbers, passwords, etc. via email or text.
Make passwords long, strong and unique.
Take special care with passwords for sensitive accounts like online banking and email. Use security features such as pass codes sent to your smartphone as part of your login process.
Keep security software current and updated.
Having the latest security software, web browser and operating system are the best defenses against computer viruses and online cyberthreats. Consider turning on automatic updates to have software automatically connect and update to defend against known risks.
Be cautious with USB devices.
Flash drives and other external devices can introduce viruses and malware to your computer. Refrain from connecting flash drives to your computer that you may find in a parking lot or other public place. Use your security software to immediately scan any flash drive that you plug into your computer.
Computer security will be an ongoing initiative for our organization. Whatcom County has more than 1,200 computers with access to the internet to protect. We operate large business systems with sensitive data supporting vital services to our citizens. In addition to prevention, we are installing stronger backup systems so we can recover data and resume operations if we do face an intrusion or disruption due to an emergency. Our daily life, economy and national security increasingly depend on reliable online computing. We encourage everyone to learn and apply techniques to stay safe online during this National Cyber Security Awareness Month.
If you have questions about county IT security, please give me a call or send me an email at email@example.com or 360-778-5230.
Perry Rice is Whatcom County Information Technology manager. This is one of a series of monthly Civic Agenda reports The Bellingham Herald invited Whatcom County Executive Jack Louws to provide to share updates about Whatcom County issues and projects. He invites citizens to contact him at 360-778-5200 or firstname.lastname@example.org.