Earlier this year, a fire department reached out to us about an incident where their fire software that had been hosted on internal servers had been compromised, leaving them without the data they needed to run operations efficiently. This cyberattack led them to get in touch with Emergency Reporting (ER) to take advantage of our cloud-based fire software and eliminate their need for internal hosting. Unfortunately, this story is all too common. In this blog, we will teach you about what types of cyberattacks your department could be vulnerable to, and the steps you can take to protect your agency.
One of the largest changes in the fire service today is the advent of technology. While technology can keep firefighters safer and better prepared for their job, there is an increased risk. Every 39 seconds, there is a cyberattack. These attacks can hijack technological systems and jeopardize the ability for you to save lives. As a result, it becomes every department’s responsibility to learn about cyber security now instead of learning these lessons the hard way.
With all that is on the mind of a firefighter, it’s understandable if something as simple as being cautious with an email is overlooked during a stressful day. However, one small slip could cause an entire department to fall victim to a hacking attack that can cripple internal communications and data storage or compromise sensitive information for both department members and everyday citizens. Below we will cover some of the most common types of cyberattacks your department may face.
There are many types of security breaches that can occur including phishing, ransomware, viruses, and trojans. One of the most common and profitable for hackers is ransomware, which works by encrypting a victim’s hard drive, denying them access to key files and demanding a ransom to decrypt the files and give access back to the user. Just last year, municipal systems in Atlanta, GA were attacked, causing widespread outages that halted many city services. The attackers demanded $50,000 in digital currency and cost the city much more in data recovery costs. The damage costs of ransomware are $10 billion in 2019 and attacks are growing more than 350% annually.
An IoT (internet of things) device is any device that has the ability to transfer data over a network without requiring human-to-human or human-to-computer contact. These devices can be targeted by cyber attackers and if not properly protected, could leak sensitive medical information or even put lives at risk. For example, if an insulin pump were to be compromised, an attacker could alter the data and cause the pump to deliver a potentially lethal does of insulin. IoT attacks were up by 600% in 2017 and are becoming a greater risk due to the growing number of IoT devices, like smartphones, that can be hacked in as little as 5 minutes.
Phishing scammers use email or text message to trick you into giving them your personal information. They may try to steal passwords, account numbers, or Social Security numbers. Phishing emails may even appear to come from a company or person you know and trust. Scammers often create messages similar to what a bank, credit card company, social networking site, or online payment website/app would send. When targeting your fire department, they may send emails that appear to come from mutual aid agencies, non-profit organizations, or the federal government.
Ways to Protect Your Department
- Use complex passwords: don’t use the same exact password for multiple accounts. Passwords should be changed every few months.
- When using IoT devices: be sure the medical facility has a secure network infrastructure and that equipment calibration verification policies and processes are continuously reviewed and updated. Training should also be provided to users and patients to ensure they’re aware of the risks associated with using an IoT device.
- Use cloud-based systems whenever possible: Using a cloud-based system like Emergency Reporting eliminates the need to keep your data on physical servers, which are much more prone to being hacked. This way, your data will be backed up to the cloud and at lesser risk of exposure to hackers.
- Raise awareness: 95% of data breaches can be attributed to human error. Make sure your team is aware of the common threats and the importance each person plays in keeping your department secure from cyber attackers. Here are some training opportunities for firefighters:
- Protect your data and services: Use features like automated security updates and differentiate access to files and data. You should limit user access within systems like ER to only include the information they need specifically to do their job.
- Establish a policy on cyber security: Create a policy to cover basic expectations for firefighters, as well as some best practices for cyber security. It should cover what to do if a data breach has been discovered. Here are a few templates to get you started:
In general, utilizing software providers that care about security is imperative. Choose providers that are knowledgeable about how their product keeps data safe, and hosts in environments that are focused on the same. Emergency Reporting software is hosted in the Microsoft Azure secure environment, and is trusted by many government agencies including the United States Army and the National Institutes of Health Division of Fire and Rescue Services. If you’d like to try out our system, use the free trial button below and feel free to contact us with any questions.
If you would like even more tips or want to read up on other cyber security risks, check out this guide from the American Military University.
 Clark School at the University of Maryland
 Cyber Defense Magazine
 Cybint Solutions