The Internet touches almost all aspects of everyone’s daily life, whether we realize it or not. In order to provide thousands of essential public services ranging from disaster assistance to social security to water and electricity, the City of Roseville must ensure our cyber infrastructure is safe, secure, and resilient.
How Does The City Protect Our Infrastructure, Business & Customer Information & Data?
Aside from the confidential security methodology that we utilize to protect the City, our team has put into effect many other measures to protect critical infrastructure and business/customer account information. For example:
- We maintain a multi-layered security program that combines people, tools, controls and technologies to protect our data.
- We work collaboratively with many private businesses and governmental agencies to address potential threats and malware outbreaks, and we continuously monitor our systems through an automated notification system.
- We use advanced encryption technology to secure our communication with all external websites (using the https:// protocol and a VPN, or virtual private network).
- Our firewall and anti-virus programs use pattern analysis and advanced analytical systems to detect suspicious activity and prevent unauthorized access to the City’s systems. Other operational controls include limiting the number of Network Administrator / Super User privileges on computers and regular penetration testing.
- We limit the number of individuals who have access to personal/customer and sensitive information.
- We provide e-learning and information tool sets to educate the team about privacy and security.
- We provide cyber insurance coverage for all business transactions.
- We also enforce internal measures, such as policy and discipline.
What Can You Do To Help Protect The City?
We believe security is a partnership effort among all of us, both staff and Citizens of Roseville. While your IT Department works hard to protect your information and make sure our business and customer information is safe, you can help by doing your best to follow the recommended best practices. Some of these include:
- Secure Your Mobile Device
- Keep Your Operating & Security Program Up-To-Date
- Beware of Phishing Email & Ransomware
- Stop/Think before You Connect/Post To Internet or Social Media Sites, & Change Your Password Regularly
Wireless Wi-Fi Security Flaws
Many of you have probably heard in the news about a new flaw in wireless (Wi-Fi) security called ‘KRACK’. For those of you who have not, ‘KRACK’ is a recently discovered vulnerability which could allow attackers to intercept sensitive data being transmitted between a Wi-Fi access point and a computer or mobile device, even if that data is encrypted.
We would like to provide some quick facts on what exactly it is and how to stay protected:
- Our systems here at the City are not vulnerable to this, due to layers of encryption and protection. In addition, we update City computers and devices on a regular schedule.
- An attacker has to be in wireless range of a vulnerable system to exploit this flaw.
- There is not yet any easy-to-use software available to carry out an attack.
- Any sessions that use another layer of encryption, such as HTTPS (the lock in the browser URL bar), are generally safe from this attack.
- Many older devices and operating systems that are past end-of-support and will never be updated are at risk of being exploited. These include Windows XP, many Android phones, as well as wireless routers and access points.
- At some point, we can be pretty confident that an ‘exploit kit’ will be released that will make it easy to launch an attack.
So, what should you do?
- Update your computer operating systems and wireless device firmware to fix the flaw.
- If you have computers and devices that aren’t getting updated anymore (such as Windows XP and older Android phones), consider replacing them.
Cyber-Security Incident at Equifax
A cyber-security incident was announced yesterday by Equifax that could potentially affect 143 million U.S. consumers. Sensitive information was exposed during the breach of the credit monitoring agency, including names, social security numbers, birth dates, addresses and, in some cases, driver’s license numbers.
According to USA TODAY, the company established a dedicated website, www.equifaxsecurity2017.com, to help consumers determine whether their personal information may have been compromised. The website allows consumers to sign up for credit file monitoring and identity theft protection. The program, offered without charge to U.S. consumers for one year, includes monitoring of Equifax, Experian and TransUnion credit reports, copies of Equifax credit reports, identity theft insurance, internet scanning for Social Security numbers and the ability to lock and unlock Equifax credit reports.
Ransomware Attacking the Internet Again
A new worldwide ransomware campaign is encrypting computer storage devices, thereby denying access to the entire system. The campaign, known by various names including ‘Petrwrap’, ‘GoldenEye’ and ‘NotPetya’, has already caused serious problems in many organizations around the world. The initial entry point is generally an infected email attachment or web site.
As a reminder, any message that contains or links to an attachment, especially if it is in the Junk Email folder, is highly suspect and should simply be deleted. Do not click on it; delete the email immediately, and remember: “When in doubt, throw it out!”
The City of Roseville is Championing Cyber Security Awareness Month during October!
This campaign is a collaborative effort led by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCSA) to raise awareness about the importance of cybersecurity across our Nation.
WEEK 1 - Multi-Factor Authentication
Double your login protection!
No matter how long and strong your password is, a breach is always possible. All it takes is for just one of your accounts to be hacked, and your personal information and other accounts can become accessible to cyber criminals.
Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring. This way, even if cyber criminals guess your password, they’re still out of luck!
WEEK 2 - Cybersecurity at Work
Businesses face significant financial loss when a cyber-attack occurs. Cybercriminals often rely on human error—employees failing to install software patches or clicking on malicious links—to gain access to systems. From the top leadership to the newest employee, cybersecurity requires the vigilance of everyone to keep data, customers, and capital safe and secure. #BeCyberSmart to connect with confidence and support a culture of cybersecurity.
WEEK 3 - Cybersecurity at Home
If you connect, you must protect!
Our devices are great at making our lives easier and more fun, but it’s important to be conscious of all the information you are generating and where it’s headed. Once your device plugs into cyberspace, you and your device could potentially be vulnerable to all sorts of risks.
These include malware that can steal information and data, destroy your hardware, log keystrokes, and infect other devices connected to your compromised device. Whether it’s your computer, smartphone, game device, or other network devices, the best defense is to stay on top of things by updating to the latest security software, web browser, and operating systems. If you have the option to enable automatic updates to defend against the latest risks, turn it on. And, if you’re plugging something into your device, such as a USB drive or an external hard drive, make sure your device’s security software scans it for viruses and malware. Finally, protect your devices with antivirus software. There are many kinds of antivirus software available, so find one that fits your needs and your devices.
WEEK 4 - Recognize and Report Phishing
Play hard to get with strangers!
Cyber criminals cast wide nets with phishing tactics, hoping to drag in victims. Seemingly real emails from known institutions or personal contacts may ask for financial or personal information.
Cyber criminals will often offer a financial reward, threaten you if you don’t engage, or claim that someone is in need of help. Don’t fall for it! Keep your personal information as private as possible. If they have key details from your life—your job title, multiple email addresses, full name, and more that you may have published online somewhere—they can attempt a direct spear-phishing attack on you. Cyber criminals can also use social engineering with these details to try to manipulate you into skipping normal security protocols.
If you’re unsure who an email is from—even if the details appear accurate—do not respond, and do not click on any links or attachments found in that email. Always avoid sending sensitive information via email.