If a town or city focuses on information security, it likely focuses on securing servers, computers, laptops, and network equipment. However, hackers are smart, and their attacks are ever-changing. Like a thief, a cybercriminal will look for weaknesses in places you overlook. If you’ve locked your doors, the burglar will try an unlocked window. If you’ve locked your doors and windows, the burglar may try to enter by posing as a trusted guest—and so on.
In cyberspace, cybercriminals apply the same tactics—and their tactics grow more sophisticated with time. They don't just go after servers and computers. Stolen or breached user credentials can allow hackers access to printers, copiers, wireless routers, webcams, and other unsuspected weak points.
A thorough information security plan includes securing overlooked items that have vulnerabilities. Here are five common risks you need to address.
1. Printers and copiers
Because printers and copiers have simple functions compared to servers and computers, it’s easy to think of them as simple machines. However, they are connected to the internet and, like anything connected to the internet, can be hacked and exploited. Cybercriminals can use your printers and copiers as an easy access point into your network, and they can even spy on and steal the images captured by the copier or printer.
Do you like the idea of a hacker easily seeing everything you print or copy? You probably print and copy a lot of confidential and sensitive material. A town or city should take steps to lock down, secure, and monitor printers and copiers. Default printer and copier configurations, passwords, and security settings may not provide enough security for your municipality.
2. Wireless routers
Two different mentalities around technology exist for non-technical people. First, there is TECHNOLOGY—sophisticated, complex stuff that only IT professionals know how to handle (such as a server). Second, there is technology you buy for fun at a retail store and set up yourself at home.
This distinction is important because it affects how employees treat technology. While a server or computer is more sophisticated and left to the “IT guy,” a wireless router may be seen as something you can buy during your lunch break, bring back to the office, and set up for everyone. Then, you’ve got wireless access!
The problem: You are not an IT professional. Misconfiguring a wireless router can leave gaping security holes open. You need to make sure you:
- Secure and lock down all wireless devices.
- Keep physical wireless access hardware away from the public and unauthorized employees.
- Apply patches and upgrades to wireless devices.
- Use appropriate wireless hardware and configure it appropriately.
- Monitor and maintain your wireless network for security breaches.
3. Social engineering over the phone
Social engineering has become an important tactic for cybercriminals. Think about it. You can have the best digital security technology and tools on the planet, but if a cybercriminal tricks an employee into providing remote access to a PC or gets them to wire thousands of dollars to a criminal’s account, then all the digital security tools you own mean little.
Criminals use multiple methods to hack into your information. If they can get a password over the phone from you, then they can break into a server or someone’s account to access confidential and sensitive information. Municipalities need processes to help them deter criminals over the phone and limit the information shared, even if someone sounds convincing. For example, even if you are 100 percent sure it’s an employee or an IT support person on the phone, you should never give out a password. Never, never, never provide someone your password. Period.
4. Unauthorized software
What starts out as employee stubbornness or rebellion leads to security risks and breaches when unauthorized software enters your network. Examples include employees who take brief breaks to blow off some steam by playing games, taking fun quizzes, or watching videos.
Each download, installation, and use of this unauthorized software increases the risk of viruses and malware sneaking in through a backdoor. A few immediate questions to ask include:
- Where did this software come from?
- Who is patching and updating the software?
- How do you know you haven’t downloaded a virus or malware?
- What happens if your employee needs helpdesk support?
- Are you sure that your employee isn’t breaking the law?
- What happens if you lose data?
- Do unauthorized people have access to data?
- What happens when software conflicts with the employee’s machine or device?
5. Mobile devices
It’s smart to limit how much business information a person’s smartphone can access. According to Reader's Digest, "Mobile security threats are on the rise: Mobile devices now account for more than 60 percent of digital fraud, from phishing attacks to stolen passwords."
You cannot rely on employees to secure their own smartphones. It’s good practice for towns and cities to either issue municipal-owned smartphones that are locked down, secured by IT professionals, and used only for business, or to limit data access to municipal-owned or municipal-issued desktop and laptop computers.
This post was originally published on September 18, 2019 and updated on November 16, 2023.