November 1, 2016

How to effectively protect yourself from hacking even when you’re not a tech-savvy genius

The thing is – when it comes to computers, safety is not given, but earned. All it takes is one, simple error to let someone “through”, steal data or unleash chaos on your website.

You know that being a clerk and working in an office can be 100 times more stressful than it sounds to an average Joe. Not only do you have tons of paperwork to go through, but you also deal with answering emails, taking phone calls, coordinating projects and posting local meeting agendas and official notices on your municipal website.The thing is – when it comes to computers, safety is not given, but earned.  All it takes is one, simple error to let someone “through”, steal data or unleash chaos on your website. And you wouldn’t even know that you were hacked until it was too late.

The risk is real…. and it’s costly

Hacking attempts not only damage the municipality’s reputation (the moment your site becomes unreachable you may expect quite a few angry phone calls from the locals), but it also costs you real money. And by real money we mean billions globally. Take a look at some statistics below:      

Okay, but what does hacking have to do with our small municipality? Why on earth would someone attack our office?

You probably think that those multimillion-dollar online thefts you hear about on the news or read on the internet have no real impact on your work. After all, who would be interested in gathering information on Mr. Smith’s building permits or a date of some future meeting?

Well, you would be surprised. Check the statistics below:

Sounds a little more serious now, doesn’t it?

The Internet, Google or even Facebook are filled with some really gloomy and dangerous places – heck, we all know that life is not always rainbows and butterflies.But you need to be aware of the fact, that there are living and breathing people out there who would love to disrupt, take advantage, steal data, or wreak havoc on your municipal website. And they will take any opportunity they might get.At TownWeb we deal with those things on daily basis. That’s why we can tell you what “hacking” really means and give you some useful tips that will help you avoid any potential disaster. You will be able to save your municipality’s money, its reputation…. and your own skin.  :)

Everything YOU need to know about hacking

In short, hacking is an intrusion into a computer system or computer network. It may be as simple as figuring out or stealing somebody’s email password or login name, while at other times it may rely on using specialized programs to break through security software.  Hacking can sometimes mean defacing a website, similar to what a graffiti artist does to a building wall. But it can  also mean erasing all the content stored on a website, or transmitting viruses to users who connect to a specific site.  

Hackers among us – about the people who want to see the world burn

“Real” hacking probably looks a bit different than what you might have seen in some blockbuster movie a few years back, like in the old classic “The Net”, featuring Sandra Bullock. Most of the time it doesn’t involve stumbling upon world-threatening conspiracy theories.Truth be told, hacking attempts can be done by almost anybody: some bored teenager down the road, an angry local who wants to take his revenge on your municipality, a crafty IT graduate looking for easy money… or even your own co-worker trying to get his hands onto some personal data stored on your office computer.  (Naturally, don’t expect a hacker to hide behind every other corner -  it’s all about staying vigilant and aware of all the potential dangers lurking on the web and at your workplace).

4 shades of hacking – learn how to protect yourself and avoid potential traps

There are so many types of hacks, viruses and other computer software intended to damage or steal online data, it’s really hard not to lose your head with all the technicalities floating around.Take a look at the list below. It will help you get a better picture of the most common hacking techniques that you might be exposed to.

1. Direct attempts  

This type is pretty self-explanatory – someone is actively trying to get onto your account or your website, bypassing all the municipality’s security channels (including its firewall).

firewall_image

What’s a firewall?  It’s a security system, either installed somewhere as a computer program or working as a separate, physical device. Firewall acts like a barrier between a trusted network (for example, municipality’s inner network) and untrusted networks – such as the internet. All the data entering or leaving your computer passes through the firewall, which examines each message and blocks those that don’t meet its security criteria.The person behind a direct hacking attempt can use almost anything that he has in his arsenal – viruses, specialized programs, malicious software, you name it.What a hacker needs is the right opportunity and time. He will actively seek for a “hole” in your municipality’s security system and exploit it as soon as he is given the chance.

The thirst for revenge

Direct attempts mean that someone out there wants to do harm to YOUR website. It could be a vicious act of revenge from one of the local residents who failed to get a variance request or couldn’t get that important building permit approved. What’s even scarier, hacking attempts may come from your own coworkers or office staff.We know it’s hard to imagine that your friendly-looking associate could be a real devil in disguise waiting to cause mayhem in your municipality network.  But according to Steve King from Netswitch Technology Management, 59% of employees steal or destroy proprietary corporate data when they quit or are fired.The more privileged the clerk and the higher level of his or her administrative power and access, the more damage he or she can cause. It doesn’t matter if they want to get their own back on their former colleagues or wish to steal some personal information - their actions may cost you and your municipality real money and tarnish its reputation.

How can you prevent it?

2. Indirect attempts

Most hacking attempts are not directly aimed at a specific website or municipality – the hacking person wants to find a security flaw or do damage wherever he can. Indirect attempts often rely on various malware to exploit and infect as many computer systems as possible. It’s like an online disease – it’s widespread and it can affect anyone. What’s malware?  Short for “malicious software”, malware refers to programs designed to damage or do other unwanted actions to computer systems.  They include viruses, worms, trojan horses, spyware and many more. Malware can delete data, gather information, or gain access to various systems without user’s knowledge.According to the Pandalabs research, there are over 230,000 new types of malware detected every day. Although not all of them are as destructive as they seem, the chances that you might have some of it on your computer are pretty high.

The smaller you are, the faster you fall

Small websites are easy prey for many hackers. They seek for any vulnerability they can find - it doesn’t matter if it’s a municipality, school, or small e-commerce website. Those kinds of places are rarely updated and can have multiple holes in their defense systems.  One of the most common website hacks is a simple defacement. Don’t worry, you will definitely know when this happens – a big, annoying message mocking the administrators or showing off the hacker’s skills is really hard to miss. The page itself often needs to be restored to its previous version (hopefully your web-hosting company still has it somewhere in their database and a procedure to restore a prior unhacked version).

Transparency and quality of life

Website hacks not only destroy your municipality’s reputation but they also heavily disrupt the functionality of its online services. And that’s a quick way to anger your residents and make your life miserable. Perhaps the locals from your area don’t visit the website too often, but when they NEED to get something done and their web browser sends them a warning with a little, red message saying that this website might be unsafe, they start to get irritated: “what’s going on, I thought we are paying for the municipality and its website, how come this is unsafe?”You can bet your money that the next thing they’ll to do is they will grab their phone and take their frustration out on some poor soul in the office. Hopefully, it’s not going to be you.

How can you prevent it?

And while we’re at it, make sure that the company responsible for keeping the municipality’s website fresh and going provides technical support and answers tickets from their clients. (At TownWeb we do it for free).

3. Security breach

Some hackers try to find hidden website information or hack into email accounts by attempting to login as every possible user. They check different passwords and when they manage to find the right one, they match it with other accounts on Gmail, Yahoo, or Facebook. It’s not surprising that most of us use similar login information for different sites and places on the internet- we are all human and share similar thinking patterns. But it’s a short way to get your data compromised.

passwords

Some of the most popular passwords on the internet: “password”, “1234”, “123456”, “qwerty”, “football”. Others include pet names, dates of birth, first names, or even… obscenities.If you think you are being clever by protecting your municipal account with your maiden name…. well, you might want to read the following tips.

How can you prevent it?

4. Social hacking

Social hacking is a psychological manipulation of tricking people into performing certain actions, providing confidential information, or gaining system access. The hacker appeals to our vanity, authorities, greed or even our willingness to be helpful.Truth is, you might have been a victim of a social hack it the past and you probably weren’t even aware of it. It’s easier to “hack” a human than a computer.Perhaps you’ve seen something similar while looking through your daily mail:“Hey, I went on your municipality’s website and I wondered if you would be so kind to add a link to our non-smoking campaign – it’s a federal program that helps people quit the habit of smoking. By the way, it’s completely free. Thanks a lot”.At first glance it seems like a really great idea. But most of similar links redirect the visitor to some shady website about vaping and e-cigarettes. Or worse – it could be something about pornography. If it’s legal, it’s ethical…. Right?

In most states there is no law that says “you cannot put links to businesses on your website”. But ask yourself a question – is it really fair to your community if you list all the grocery stores in your area… except one (because nobody likes the owner or they aren’t really that well-known?)The same rule applies when it comes to charging money for links and banners. Yes, you can do it (and some municipalities allow advertisements) but carefully think this through. You may create your own rules but you have to make decisions that benefit the public. And if you do things that don’t benefit the public, then maybe it’s something you shouldn’t do.Remember that putting banners and links is also a risk in itself. If a business changes their address or doesn’t renew it and later on someone buys it or hacks it and then links it to a site with pornography… well, hopefully you will be able to spot it on time. And by the way, messing with politics will end badly for you. If you are thinking about putting a picture of someone running for the town office on your municipality’s website, you should heavily reconsider it.Not only is it unethical, but it’s also in many cases illegal. Municipalities are all about transparency and choosing a side in a political campaign breaks that rule.

How can you prevent it?

Summary

Even when you’re not really into computers and all the technical language can be sometimes a bit too overwhelming, it doesn’t mean you can’t effectively protect yourself and your municipality from getting hacked. It’s pretty simple actually – all it takes is a grain of common sense and logic. Keep your programs updated, use an antivirus, protect your passwords and don’t put your trust in others blindly. And perhaps the best advice we can give – hire a web-hosting company that knows their job, provides support and doesn’t leave the customers on their own. At TownWeb we aim to be your municipality’s trusted provider for solutions that “Make the Modern Clerk’s Live Easier!” All municipal customers receive free and unlimited technical support. Furthermore, municipal websites hosted by TownWeb are fully backed-up daily and have a system in place to prevent automated login attempts, so you can sleep well at night knowing that you have a team to take care of your web site needs.