How to effectively protect yourself from hacking even when you’re not a tech-savvy genius
You know that being a clerk and working in an office can be 100 times more stressful than it sounds to an average Joe. Not only do you have tons of paperwork to go through, but you also deal with answering emails, taking phone calls, coordinating projects and posting local meeting agendas and official notices on your municipal website.
The thing is – when it comes to computers, safety is not given, but earned. All it takes is one, simple error to let someone “through”, steal data or unleash chaos on your website.
And you wouldn’t even know that you were hacked until it was too late.
The risk is real…. and it’s costly
Hacking attempts not only damage the municipality’s reputation (the moment your site becomes unreachable you may expect quite a few angry phone calls from the locals), but it also costs you real money. And by real money we mean billions globally. Take a look at some statistics below:
- According to Lloyd, a British insurance company, in 2015 cyber-attacks cost businesses from $400 to 500$ billion (!!). Keep in mind these numbers don’t include thousands of additional, undetected hacking attempts.
- 68% of funds lost as a result of a cyber-attack were declared unrecoverable (as stated by Heimdal Security).
Okay, but what does hacking have to do with our small municipality? Why on earth would someone attack our office?
You probably think that those multimillion-dollar online thefts you hear about on the news or read on the internet have no real impact on your work. After all, who would be interested in gathering information on Mr. Smith’s building permits or a date of some future meeting?
Well, you would be surprised. Check the statistics below:
- Cyber criminals have forced U.S. hospitals, schools and cities to pay hundreds of millions in blackmail or see their computer files destroyed – according to U.S officials, in 2016 these “ransoms” (aka “ransomware”) cost the victims more than $200 million.
- The State of Utah claimed to have 300 – 500 million hacking attempts per day.
- In 2015 a group of amateur hackers managed to shut down the official site of the State of Maine, alongside with local municipal, news, tourism and TV websites.
Sounds a little more serious now, doesn’t it?
The Internet, Google or even Facebook are filled with some really gloomy and dangerous places – heck, we all know that life is not always rainbows and butterflies.
But you need to be aware of the fact, that there are living and breathing people out there who would love to disrupt, take advantage, steal data, or wreak havoc on your municipal website. And they will take any opportunity they might get.
At TownWeb we deal with those things on daily basis. That’s why we can tell you what “hacking” really means and give you some useful tips that will help you avoid any potential disaster. You will be able to save your municipality’s money, its reputation…. and your own skin. 🙂
Everything YOU need to know about hacking
In short, hacking is an intrusion into a computer system or computer network. It may be as simple as figuring out or stealing somebody’s email password or login name, while at other times it may rely on using specialized programs to break through security software.
Hacking can sometimes mean defacing a website, similar to what a graffiti artist does to a building wall. But it can also mean erasing all the content stored on a website, or transmitting viruses to users who connect to a specific site.
Hackers among us – about the people who want to see the world burn
“Real” hacking probably looks a bit different than what you might have seen in some blockbuster movie a few years back, like in the old classic “The Net”, featuring Sandra Bullock. Most of the time it doesn’t involve stumbling upon world-threatening conspiracy theories.
Truth be told, hacking attempts can be done by almost anybody: some bored teenager down the road, an angry local who wants to take his revenge on your municipality, a crafty IT graduate looking for easy money… or even your own co-worker trying to get his hands onto some personal data stored on your office computer.
(Naturally, don’t expect a hacker to hide behind every other corner – it’s all about staying vigilant and aware of all the potential dangers lurking on the web and at your workplace).
4 shades of hacking – learn how to protect yourself and avoid potential traps
There are so many types of hacks, viruses and other computer software intended to damage or steal online data, it’s really hard not to lose your head with all the technicalities floating around.
Take a look at the list below. It will help you get a better picture of the most common hacking techniques that you might be exposed to.
1. Direct attempts
This type is pretty self-explanatory – someone is actively trying to get onto your account or your website, bypassing all the municipality’s security channels (including its firewall).
What’s a firewall? It’s a security system, either installed somewhere as a computer program or working as a separate, physical device. Firewall acts like a barrier between a trusted network (for example, municipality’s inner network) and untrusted networks – such as the internet. All the data entering or leaving your computer passes through the firewall, which examines each message and blocks those that don’t meet its security criteria.
The person behind a direct hacking attempt can use almost anything that he has in his arsenal – viruses, specialized programs, malicious software, you name it.
What a hacker needs is the right opportunity and time. He will actively seek for a “hole” in your municipality’s security system and exploit it as soon as he is given the chance.
The thirst for revenge
Direct attempts mean that someone out there wants to do harm to YOUR website. It could be a vicious act of revenge from one of the local residents who failed to get a variance request or couldn’t get that important building permit approved. What’s even scarier, hacking attempts may come from your own coworkers or office staff.
We know it’s hard to imagine that your friendly-looking associate could be a real devil in disguise waiting to cause mayhem in your municipality network. But according to Steve King from Netswitch Technology Management, 59% of employees steal or destroy proprietary corporate data when they quit or are fired.
The more privileged the clerk and the higher level of his or her administrative power and access, the more damage he or she can cause. It doesn’t matter if they want to get their own back on their former colleagues or wish to steal some personal information – their actions may cost you and your municipality real money and tarnish its reputation.
How can you prevent it?
- Make sure that the web-hosting company you are hiring stays up with the technology. Do they perform frequent security updates? Do they monitor the municipality’s website and act accordingly on any suspicious activity? In the perform regular and on-going backups? And in the event of a disaster, do they have a procedure in place whereby they can restore the site from a recent backup?
- Keep your antivirus updated – those constant, annoying popups screaming about a required update to the program’s database are there for a reason. Try to spare a few minutes of your time and get it sorted out: it can eventually save you a lot of trouble.
- Be wary of any suspicious activity going on – perhaps your login or password changed all of a sudden, or you can’t find some super important information that was there just the other day. If anything out of ordinary happens (and providing it isn’t something as simple as forgetting to turn your Caps-lock key off) contact your web-hosting company and let them know.
2. Indirect attempts
Most hacking attempts are not directly aimed at a specific website or municipality – the hacking person wants to find a security flaw or do damage wherever he can.
Indirect attempts often rely on various malware to exploit and infect as many computer systems as possible. It’s like an online disease – it’s widespread and it can affect anyone.
What’s malware? Short for “malicious software”, malware refers to programs designed to damage or do other unwanted actions to computer systems. They include viruses, worms, trojan horses, spyware and many more. Malware can delete data, gather information, or gain access to various systems without user’s knowledge.
According to the Pandalabs research, there are over 230,000 new types of malware detected every day. Although not all of them are as destructive as they seem, the chances that you might have some of it on your computer are pretty high.
The smaller you are, the faster you fall
Small websites are easy prey for many hackers. They seek for any vulnerability they can find – it doesn’t matter if it’s a municipality, school, or small e-commerce website. Those kinds of places are rarely updated and can have multiple holes in their defense systems.
One of the most common website hacks is a simple defacement. Don’t worry, you will definitely know when this happens – a big, annoying message mocking the administrators or showing off the hacker’s skills is really hard to miss. The page itself often needs to be restored to its previous version (hopefully your web-hosting company still has it somewhere in their database and a procedure to restore a prior unhacked version).
Transparency and quality of life
Website hacks not only destroy your municipality’s reputation but they also heavily disrupt the functionality of its online services.
And that’s a quick way to anger your residents and make your life miserable
Perhaps the locals from your area don’t visit the website too often, but when they NEED to get something done and their web browser sends them a warning with a little, red message saying that this website might be unsafe, they start to get irritated: “what’s going on, I thought we are paying for the municipality and its website, how come this is unsafe?”
You can bet your money that the next thing they’ll to do is they will grab their phone and take their frustration out on some poor soul in the office. Hopefully, it’s not going to be you.
How can you prevent it?
- An updated anti-virus is your best line of defense – keep it fresh and ready or you will see your computer swarmed with hundreds of unwanted “guests”.
- Update your internet browser and other software (things like Adobe Reader or Adobe Flash). All it takes is one click on some infected banner to put your computer and website in danger.
- If you see something new installed on your computer and you’re certain you didn’t have to do with any of it, make sure it’s not a piece of malware (for example, when you notice your browser recently got a new type of toolbar or when it sends you to some strange places).
- Make sure your web-hosting company frequently monitors your site and keeps some of its data stored offline. That way, in case all hell breaks loose, they will be able to restore the lost information.
And while we’re at it, make sure that the company responsible for keeping the municipality’s website fresh and going provides technical support and answers tickets from their clients. (At TownWeb we do it for free).
3. Security breach
Some hackers try to find hidden website information or hack into email accounts by attempting to login as every possible user. They check different passwords and when they manage to find the right one, they match it with other accounts on Gmail, Yahoo, or Facebook
It’s not surprising that most of us use similar login information for different sites and places on the internet- we are all human and share similar thinking patterns.
But it’s a short way to get your data compromised.
Some of the most popular passwords on the internet: “password”, “1234”, “123456”, “qwerty”, “football”. Others include pet names, dates of birth, first names, or even… obscenities.
If you think you are being clever by protecting your municipal account with your maiden name…. well, you might want to read the following tips.
How can you prevent it?
- Don’t re-use passwords – even when you think you’ve come up with something unique, try to use different combinations of letters and numbers for passwords on different accounts.
- Don’t assume that everyone is going to take an advantage of you and steal your password, but also don’t put your trust into everyone around you, whether it’s your coworkers, or even…. your own municipality’s web-hosting company. If you need help with something, they should set up a remote session to guide you through the whole process without sharing any secure information.
- Don’t keep your password in visible, public places – you don’t know who might be looking (and please don’t write it on a note and stick it onto your monitor – we’re sure that happens quite a lot!)
- Make sure the company you are hiring monitors how many people attempt to login – they can set up the system so that you get automatically banned after too many incorrect attempts to login.
4. Social hacking
Social hacking is a psychological manipulation of tricking people into performing certain actions, providing confidential information, or gaining system access. The hacker appeals to our vanity, authorities, greed or even our willingness to be helpful.
Truth is, you might have been a victim of a social hack it the past and you probably weren’t even aware of it.
It’s easier to “hack” a human than a computer.
Perhaps you’ve seen something similar while looking through your daily mail:
“Hey, I went on your municipality’s website and I wondered if you would be so kind to add a link to our non-smoking campaign – it’s a federal program that helps people quit the habit of smoking. By the way, it’s completely free. Thanks a lot”.
At first glance it seems like a really great idea. But most of similar links redirect the visitor to some shady website about vaping and e-cigarettes. Or worse – it could be something about pornography.
If it’s legal, it’s ethical…. Right?
In most states there is no law that says “you cannot put links to businesses on your website”. But ask yourself a question – is it really fair to your community if you list all the grocery stores in your area… except one (because nobody likes the owner or they aren’t really that well-known?)
The same rule applies when it comes to charging money for links and banners. Yes, you can do it (and some municipalities allow advertisements) but carefully think this through. You may create your own rules but you have to make decisions that benefit the public. And if you do things that don’t benefit the public, then maybe it’s something you shouldn’t do.
Remember that putting banners and links is also a risk in itself. If a business changes their address or doesn’t renew it and later on someone buys it or hacks it and then links it to a site with pornography… well, hopefully you will be able to spot it on time.
And by the way, messing with politics will end badly for you
If you are thinking about putting a picture of someone running for the town office on your municipality’s website, you should heavily reconsider it.
Not only is it unethical, but it’s also in many cases illegal. Municipalities are all about transparency and choosing a side in a political campaign breaks that rule.
How can you prevent it?
- Don’t open emails from unknown senders – watch out for scammers (even when they introduce themselves with their “real” name”)
- Don’t click on any links if you have no idea who the sender is.
- Have your antivirus up and running – it scans the incoming mail for any malware and “fishy” links
- If you really want to have something checked (a link, or a website), contact your web support and ask them for help
- When you find out one of the links on your municipality’s website redirects your visitors to some illegal, unethical or improper content, IMMEDIATELY contact your web-hosting company so they can deal with it as soon as possible (like we do).
Even when you’re not really into computers and all the technical language can be sometimes a bit too overwhelming, it doesn’t mean you can’t effectively protect yourself and your municipality from getting hacked.
It’s pretty simple actually – all it takes is a grain of common sense and logic. Keep your programs updated, use an antivirus, protect your passwords and don’t put your trust in others blindly.
And perhaps the best advice we can give – hire a web-hosting company that knows their job, provides support and doesn’t leave the customers on their own.
At TownWeb we aim to be your municipality’s trusted provider for solutions that “Make the Modern Clerk’s Live Easier!” All municipal customers receive free and unlimited technical support. Furthermore, municipal websites hosted by TownWeb are fully backed-up daily and have a system in place to prevent automated login attempts, so you can sleep well at night knowing that you have a team to take care of your web site needs.