Cybersecurity is the topmost concern of any modern company, big or small, and water authorities are no different. What are the top cybersecurity leaks I haven’t yet discovered, and how do I plug them?
Technology and water are best friends.
No, really – technology and water work very closely together, though it may not be obvious to the general public at first.
The public hears about National Oceanic and Atmospheric Administration (NOAA) programs that include observation platforms and submersibles to experience the ocean and explore its depths and mysteries, as well as the sensors that monitor water temperatures and levels all over the globe to give us information about water changes or warn us of storms.
Less publicized, but just as critical, is the technology used by water authorities. The process of the collection, treatment, and delivery of water supplies for entire communities in an awesome process, in the literal sense of the word. Water authorities have the responsibility to make sure communities have access to clean, safe drinking water, and oversee facilities for collection and treatment. Technology is involved in every step, from intake to output with quality monitoring and reporting.
The Environmental Protection Agency (EPA) requires regular reporting of water quality through the Safe Drinking Water Act and monitors drinking water to protect against exposure to contaminants. But do you think EPA staff go to every water treatment facility to personally test water quality? That would be an egregious waste of time and resources! Instead, monitoring and testing are done using technology, reporting uses technology, and quality report transmissions are electronic to expedite reporting and ensure compliance, saving time and resources.
Technology, while imperfect, simplifies our lives by automating processes and repetitive tasks, like water reporting. Water quality monitoring is much more than using a test strip like with a pool, checking the results on the color-coded chart to determine a range for water quality. Modern water quality monitoring employs advanced technology, constantly processing numbers and algorithms programmed into computers to transmit reporting levels timely. If there is a “leak” in any part of that process, every step is compromised.
“What are the top cybersecurity leaks I haven’t yet discovered?”
Not in any particular order, the most likely areas you will find leaks in cybersecurity to plug up include:
Where there are human beings, there is room for operator error. It’s rarely an intentional act unless you can classify “careless clicking” as intentional. Careless clicking is the act of clicking on a link within an email or on a webpage. Scam emails, phishing, and other attempts at getting a user to click on a link designed to capture and steal personal information are the greatest threat to an organization’s cybersecurity.
Attachments and downloaded files are equally troublesome! Malware or viruses hide inside seemingly innocent files, named generically or close to something recognizable to the recipient with the goal of being downloaded and executed to gain footing into a network.
Plug: Ongoing training is the best way to protect against these threats. Educate teams on recognizing dangerous environments and to always practice careful clicking!
Passwords should always be complex and unique, no matter how inconvenient it is for the user. It never fails – a compromised password is usually one that is easy to guess, without variation in capital or lowercase letters, and those devoid of special characters like #, $, %, !, and ?
Second to a phishing attempt to get users to carelessly click on a scam link is a hacked email account from a weak password. Passwords that are simple or have not been changed in more than six months are in great danger of being guessed by cybercriminals.
Plus: Encouraging staff to follow password best practices and take extra precaution using email is your best way to prevent a leak in this area.
Workstation users that are responsible for executing their own updates are the worst procrastinators when it comes to installing program or security updates. These updates are most often released with security in mind – especially security patches!
Those “annoying pop-up boxes” that encourage users to install and run updates tend to get postponed because they always seem to pop up at the most inconvenient times. The trouble with this is that updating system hardware and software are essential to cybersecurity.
Plug: Schedule updates to run after normal operating hours and make sure teams have a manageable schedule for running updates.
Professional partners can put you at risk, and you won’t realize it until it’s too late. The strongest and most secure network can be taken down by a third party with sloppy security practices!
While you can’t control third-party security practices, you can enact policies for the partnerships where agreements stipulate certain security measures should be taken when your network is concerned.
Plug: There are also steps you can take to protect yourself where external access is concerned. Setting up virtual servers, for example, is one way to grant dedicated access to limited processes with added encryption for extra layers of protection.
The phones in your pockets are a target, believe it or not! Mobile users surpass desktop users in nearly every way, according to a recent study, and it’s no surprise. Smartphones, tablets, and laptop computers have enabled professionals to remain productive while on the go. With mobility comes added security risk with stored email accounts, passwords, and personal information.
The concerns with smartphones, tablets, and laptops are that they access networks outside of the professional location that is entirely controlled, increasing the potential for risky connections and leaks.
Plug: You might consider setting up a virtual private network (VPN) for mobile users, with two-factor authentication, to make sure all users access your network via secure methods.
Managed IT services providers (MSPs) like Cyber Solutions are trusted experts that help with everything from network security to data back-ups and much more. Cybersecurity is essential to the future success of any company, and water authorities are no exception. Cyber Solutions works with water authorities to maintain systems and protect networks against threats.
If you found this article on cybersecurity helpful, you might also like: