Industry Insights: The Basics of Cyber Security for Fire Departments
Editor's note: Industry Insights are sponsored blogs submitted by manufacturers and suppliers serving the fire service industry.
Earlier this year, a fire department reached out to our team at Emergency Reporting (ER) about an incident where their fire software that had been hosted on internal servers had been compromised, leaving them without the data they needed to run operations efficiently. This cyberattack led them to get in touch with us to take advantage of our cloud-based fire software and eliminate their need for internal hosting. Unfortunately, this story is all too common. In this article, we will discuss what types of cyberattacks your department could be vulnerable to, and the steps you can take to protect your agency.
One of the largest changes in the fire service today is the advent of technology. While technology can keep firefighters safer and better prepared for their job, there is an increased risk. Every 39 seconds, there is a cyberattack.1 These attacks can hijack technological systems and jeopardize the ability for you to save lives. As a result, it becomes every department’s responsibility to learn about cyber security now instead of learning these lessons the hard way.
With all that is on the mind of a firefighter, it’s understandable if something as simple as being cautious with an email is overlooked during a stressful day. However, one small slip could cause an entire department to fall victim to a hacking attack that can cripple internal communications and data storage or compromise sensitive information for both department members and everyday citizens.2 Below we will cover some of the most common types of cyberattacks your department may face.
Ransomware
There are many types of security breaches that can occur including phishing, ransomware, viruses, and trojans. One of the most common and profitable for hackers is ransomware, which works by encrypting a victim’s hard drive, denying them access to key files, and demanding a ransom to decrypt the files and give access back to the user. Just last year, municipal systems in Atlanta, GA were attacked, causing widespread outages that halted many city services. The attackers demanded $50,000 in digital currency and cost the city much more in data recovery costs.3 The damage costs of ransomware are $10 billion in 20194 and attacks are growing more than 350% annually.5
IoT Devices
An IoT (internet of things) device is any device that has the ability to transfer data over a network without requiring human-to-human or human-to-computer contact. These devices can be targeted by cyber attackers and if not properly protected, could leak sensitive medical information or even put lives at risk. For example, if an insulin pump were to be compromised, an attacker could alter the data and cause the pump to deliver a potentially lethal dose of insulin. IoT attacks were up by 600% in 20176 and are becoming a greater risk due to the growing number of IoT devices, like smartphones, that can be hacked in as little as 5 minutes.7
Phishing
Phishing scammers use email or text message to trick you into giving them your personal information. They may try to steal passwords, account numbers, or Social Security numbers. Phishing emails may even appear to come from a company or person you know and trust. Scammers often create messages similar to what a bank, credit card company, social networking site, or online payment website/app would send. When targeting your fire department, they may send emails that appear to come from mutual aid agencies, non-profit organizations, or the federal government.8
Ways to protect your department
Use complex passwords: don’t use the same exact password for multiple accounts. Passwords should be changed every few months.
When using IoT devices: be sure the medical facility has a secure network infrastructure and that equipment calibration verification policies and processes are continuously reviewed and updated. Training should also be provided to users and patients to ensure they’re aware of the risks associated with using an IoT device.9
Use cloud-based systems whenever possible: Using a cloud-based system like Emergency Reporting eliminates the need to keep your data on physical servers, which are much more prone to being hacked. This way, your data will be backed up to the cloud and at lesser risk of exposure to hackers.
Raise awareness: 95% of data breaches can be attributed to human error.10 Make sure your team is aware of the common threats and the importance each person plays in keeping your department secure from cyber attackers. Here are some training opportunities for firefighters:
- NASCIO Cyber Disruption Response Planning Guide
- Federal Trade Commission: Cyber security Basics
- Stay Safe from Phishing and Scams (Quick Video)
- Email Security Awareness Basics (Video)
Protect your data and services: Use features like automated security updates and differentiate access to files and data. You should limit user access within systems like ER to only include the information they need specifically to do their job.
Establish a policy on cyber security: Create a policy to cover basic expectations for firefighters, as well as some best practices for cyber security. It should cover what to do if a data breach has been discovered. Here are a few templates to get you started:
In general, utilizing software providers that care about security is imperative. Choose providers that are knowledgeable about how their product keeps data safe, and hosts in environments that are focused on the same. Emergency Reporting software is hosted in the Microsoft Azure secure environment, and is trusted by many government agencies including the United States Army and the National Institutes of Health Division of Fire and Rescue Services. Please click here If you’d like to try out our system for free and please contact us with any questions.
If you would like even more tips or want to read up on other cyber security risks, check out this guide from the American Military University. To learn more about how Emergency Reporting can help with your data security, click here.
About Emergency Reporting
Emergency Reporting (ER) offers a powerful, cloud-based records management software (RMS) solution to Fire/EMS agencies worldwide. Founded in 2003, ER empowers first responders with secure, easy-to-use station management tools that offer one-report filing of NFIRS and NEMSIS data. ER’s affordable SaaS solution allows Fire/EMS departments to run their entire operations efficiently and effectively, enhancing both firefighter and citizen safety. ER is proud to support more than 484,000 first responders at thousands of civilian Fire/Rescue and EMS agencies and DoD/military installations, as well as large entities with self-contained Fire/EMS services such as NASA, nuclear power plants, hospitals, and oil refineries. For more information, visit emergencyreporting.com.
Resources:
[1] Clark School at the University of Maryland
[3] https://www.wired.com/story/atlanta-spent-26m-recover-from-ransomware-scare/
[5] Cisco
[6] Symantec
[7] NETSCOUT
[8] https://www.fdhacks.com/blog/fire-department-cyber-security-basics
[10] Cybint Solutions