Public employees have even more at stake than private residents when it comes to cybercrime. A breach affects not just a single person but also scores of others, millions of dollars of assets, sensitive data, and critical infrastructure, such as water supplies and electrical grids.
For instance, if a hacker encrypts a city's files and demands a large ransom for the decryption key the city needs to regain access to its files, the attack could be devastating to the city in multiple ways.
"The city would be given a deadline to pay up, and unfortunately, the city may not have the funds readily accessible to pay the ransom. If they miss the deadline their files are locked forever," said Krystal Dailey, information technology manager for the Municipal Association. She said it is possible the city could recover most of the data from backups, provided the IT staff had been backing up its servers and data on a routine basis.
"But this could still take days or weeks for the city to be operational again and incur cost to the city," said Dailey.
"Unfortunately, depending on the type of breach, a city could be brought to its knees. Access to a city's online services could be locked, which could force the city to revert back to pen and paper. Email communication may be down along with the phone system. Emergency systems and utility services could be affected as well as the court system."
Preventing cybercrime calls for knowing the different types, identifying risks and following safety precautions. Cybercrime can include identity theft, financial fraud, stalking, online bullying, hacking and other forms.
There are plenty of ways to reduce risk, whether at work, in transit, at home while using government equipment, or simply posting to social media on your personal time and personal device.
1. The U.S. Department of Homeland Security's Stop.Think.Connect.™ campaign outlines these three common cybercrimes and offers ways to stay safe.
- Identity theft is the illegal use of someone else's personal information in order to get money or credit. How will you know if you've been a victim of identity theft? You might get bills for products or services you did not purchase. Your bank account might have withdrawals you didn't expect or unauthorized charges.
- Phishing attacks use email to collect personal and financial information or infect your machine with malware and viruses. Cybercriminals use legitimate-looking emails that encourage people to click on a link or open an attachment. The email they send can look like it is from an authentic financial institution, e-commerce site, government agency, or any other service or business.
- Imposter scams happen when you receive an email or call seemingly from a government official, family member, or friend requesting that you wire them money to pay taxes or fees, or to help someone you care about. Cybercriminals use legitimate-looking emails that encourage people to send them money or personal information.
2. Don't click suspicious links and other simple tips
- Keep a clean machine. Update the security software and operating system on your computer and mobile devices. Keeping the software on your devices up to date will prevent attackers from taking advantage of known vulnerabilities.
- When in doubt, throw it out. Stop and think before you open attachments or click links in emails. Links in email, instant message and online posts are often the way cybercriminals compromise your computer. If it looks suspicious, it's best to delete it.
- Use stronger authentication. Always opt to enable stronger authentication when available, especially for accounts with sensitive information including your email or bank accounts. Stronger authentication helps verify that a user has authorized access to an online account.
3. Common cyber risks when using social media
- Sharing sensitive information. Sensitive information includes anything that can help a person steal your identity or find you, such as your full name, Social Security number, address, birthdate, phone number or where you were born.
- Tracking your location. Many social media platforms allow you to check in and broadcast your location, or automatically add your location to photos and posts.
- Be careful what you post and when. Wait to post pictures from trips and events so that people do not know where to find you. Posting where you are also reminds others that your house is empty.
- Know your apps. Be sure to review and understand the details of an app before downloading and installing it. Be aware that apps may request access to your location and personal information. Delete any apps that you do not use regularly to increase your security.
4. Attacks on government are increasing
The number of reported cyber incidents involving federal and state, local, tribal and territorial government agencies increased by 26 percent between 2012 and 2013, from approximately 158,000 incidents to 218,000 incidents. In 2013, more than 69 percent of incidents reported to the United States Computer Emergency Readiness Team were phishing attempts.
- Protect your organization – Lock and password-protect all personal and agency-owned devices including smartphones, laptops and tablets. Lock your computer when you step away from your desk. Encrypt data and use two-factor authentication where possible.
- Regularly scan your computer for viruses and spyware and keep your software up to date.
- Dispose of sensitive information properly and according to your organization's policies.
- Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information.
- Conceal your work badge and identification when outside of your office building, especially when out in public or when using public transportation.