Raising Cyber Awareness at the City of Roseville
The Internet touches almost all aspects of everyone’s daily life, whether we realize it or not. In order to provide thousands of essential public services ranging from disaster assistance to social security to water and electricity, the City of Roseville must ensure our cyber infrastructure is safe, secure, and resilient.
How Does The City Protect Our Infrastructure, Business & Customer Information & Data?
Aside from the confidential security methodology that we utilize to protect the City, our team has put into effect many other measures to protect the critical infrastructure and business/customer account information. For example:
We maintain a multi-layered security program that combines people, tools, controls and technologies to protect our data.
We work collaboratively with many private businesses and governmental agencies to address any potential threats or malware outbreaks, and continuously monitor our systems through an automated notification system.
We use advanced encryption technology to secure our communication with all external websites (using the HTTPS protocol and a VPN, or virtual private network).
Our firewall and anti-virus programs utilize pattern analysis and advanced analytical systems to detect suspicious activity and prevent unauthorized access to the City’s systems.
Other operational controls include limiting the number of Network Administrator / Super User privileges on computers, and regular penetration testing.
We limit the number of individuals who have access to personal/customer and sensitive information.
We provide e-learning and information tool sets to educate the team about privacy and security.
We provide cyber insurance coverage for all business transactions.
We also enforce internal measures, such as policy and discipline.
What Can You Do To Help Protect The City?
We believe security is a partnership effort among all of us – staff and Citizens of Roseville. Your IT Department works hard to protect your information and to make sure our business and customer information is safe. You can help by doing your best to follow the recommended best practices. Some of these include:
Secure Your Mobile Device
Keep Your Operating & Security Program Up-To-Date
Beware of Phishing Email & Ransomware
Stop/Think before You Connect/Post To Internet or Social Media Sites, &
Change Your Password Regularly
October 19th, 2017: Many of you have probably heard in the news about a new flaw in wireless (Wi-Fi) security called 'KRACK'. For those of you who have not, ‘KRACK’ is a recently discovered vulnerability which could allow attackers to intercept sensitive data being transmitted between a Wi-Fi access point and a computer or mobile device, even if that data is encrypted. We would like to provide some quick facts on what exactly it is and how to stay protected:
• Our systems here at the City are not vulnerable to this, due to layers of encryption and protection. In addition, we update City computers and devices on a regular schedule.
• An attacker has to be in wireless range of a vulnerable system to exploit this flaw.
• There is no easy-to-use software available yet to carry out an attack.
• Any sessions that use another layer of encryption, such as HTTPS (lock in the browser URL), are generally safe from this attack.
• Many older devices and operating systems that are past end-of-support and will never be updated are at risk of being exploited. These include Windows XP, many Android phones, as well as wireless routers and access points.
• At some point, we can be pretty confident that an 'exploit kit' will be released that will make it easy to launch an attack.
So, what should you do?
• Update your computer operating systems and wireless device firmware to fix the flaw.
• If you have computers and devices that aren't getting updated anymore (such as Windows XP and older Android phones), consider replacing them.
June 29th, 2017: A new worldwide ransomware campaign is encrypting computer storage devices, thereby denying access to the entire system. The campaign, known by various names including ‘Petrwrap’, ‘GoldenEye’ and ‘NotPetya’, has already caused serious problems in many organizations around the world. The initial entry point is generally an infected email attachment or web site. As a reminder, any message that contains or links to an attachment, especially if it is in the Junk Email folder, is highly suspect and should simply be deleted. Do not click on it, immediately delete the email, and remember: “When in doubt, throw it out!” If there is any question about the legitimacy of an email or web site or you suspect that your computer is infected with ransomware or other malware, please contact IT Help immediately. Thank you for helping us keep our City ‘Cyber Secure’.
June 26th, 2017: Access to your online services and data is controlled by authentication systems. The most well-known method of authentication is the password. In addition to passwords, stronger security can be achieved by adding a second test to make sure it is really you. This is known as two-step authentication. These tests require a second physical device you have, such as a cell phone or token fob (which electronically displays text characters). A common way to do this with a cell phone is for the user to be sent a code via text message. You then enter the code along with your password to the site you are accessing. With this ‘second factor’ enabled, even if someone knows your password, they still will not be able to log into your account because they don’t have the second code provided via your cell phone. How you manage these authentications determines the amount of effort needed to hack, or illegally access, your accounts. It’s estimated that most online users in the United States have 90 passwords to remember. According to Dashlane.com, in 2016 alone, the world had 2,600,000,000 online accounts hacked. Yahoo Inc. alone had over a billion accounts hacked! Unfortunately, most people discover their actual level of security (or lack thereof) only after their accounts have been compromised. A majority of Americans (64%) have personally experienced a major data breach.
May 30th, 2017: Earlier this month, computers in over 150 nations were held hostage by a viral “ransomware” that took control of servers and personal computers, then demanded a ransom for their possible release. The WannaCry cyber-attack exploited a weakness found in several Microsoft Windows operating systems. This event is a specific example of why the Information Technology (IT) Department goes to great lengths defending the City’s computer network. Cybersecurity requires the proactive management of multiple resources paired with a solid defense against real-time threats. Because of these efforts, the WannaCry event did not affect any City computers. IT employs several layers of defense to protect the City’s computers. The individual user does not need to worry about updates, or managing security software. These functions are handled remotely by IT. However, each user’s online practices are mission critical to maintaining security. If you are online, you are under attack. It’s that simple. IT’s layers of protection are only part of the solution. The actions of every user either protect or expose the system to external threats. Every time a user clicks a link in an email or opens an attachment, there is an opportunity for the network security to be exploited. The key goal of the City’s security protocols is to provide a safe work environment.
October 14th, 2016: Welcome to week 2 of National Cyber Security Awareness Month! The Theme for this Week is ‘Cyber from the Break Room to the Board Room’. The focus of week 2 is on helping all of us better protect our City from cyber threats. Recommendations include avoiding phishing emails, making passwords more complex, and increased vigilance against suspicious activity. Here are some resources you can check out to help you help us to secure the City and its business partners: a short video on how to choose strong passwords (3:08), and a newsletter describing CEO fraud. In these cases, the cybercriminal will target and attempt to coerce unsuspecting employees by impersonating a high-level executive in the organization. And here’s a brief video that will help you to understand the workings and importance of encryption when it comes to keeping private data private on the Internet (6:39).
October 6th, 2016: Welcome to week 1 of National Cyber Security Awareness Month! Throughout the month of October, we will be sharing information on different aspects of cyber security with you. The best defense against security breaches, identity theft, and malware is not anti-malware software, it’s you! We are constantly being exposed to new and ever-changing threats. We hope the information we share with you this month will inspire you to maintain awareness of what is going on in the cyber world so you can protect yourself, your family, and the city. The Theme for Week 1 is ‘Stop, Think, Connect’. For this week we are focusing on how to secure yourself and your family at home. We have a tremendous number of resources to help you, starting with the following: a security awareness newsletter on protecting your home network, a digital poster on ‘cyber-protecting’ your home, and numerous training videos. Stay tuned for more information to follow!