General IT Security Information
Unfortunately, we live in a time where everyone is subject to potentially being "hacked" or scammed through the use of technology. This article outlines those methods and how to avoid them.
This article will not go into explicit detail but will cover general topics.
Although Cybersecurity is relevant in every aspect of daily functions, being a Town Employee makes that even easier for threat actors. We are public servants and follow procedures that are required of us because of that role. Because of this, a lot of information is now publicly accessible.
Information such as:
- Name
- Phone Number
- Email
- Work Address
- Job Title
- Salary Range
- Job Functions
- Etc.
With that being said, it is critical that we provide you with the information to prevent any kind of malicious cyber events.
As the IT Department, one of our sole functions is to protect the data of all of our staff from these kinds of attacks. Because of this, we have many implementations to monitor and prevent any cyber incidents. Unfortunately, regardless of how well we protect our users, the weakest link in any IT infrastructure is:
THE USERS
Below are some of the attack vectors that threat actors may use to exploit data.
Phishing:
Phishing attempts are the most common form of cyber attacks that you will see on a day-to-day basis.
- You will most likely see these in the form of an email or phone call.
Although we filter and block most phishing attempts through our system, some slip through to users unknowingly. The only way that we know to block and purge malicious emails is to be notified by you.
Here are some helpful tips for spotting these:
1. Demanding Urgent Action
- Generally, if an email requires you to complete something urgently, it is a red flag for phishing emails.
- In the past, we see this in the form of an email pretending to be someone in a high-ranking position with the Town urging you to purchase a gift-card, or providing credentials for something. Please note that no staff would ever require these things.
2. Bad Grammar or Spelling
- Luckily, this is easy to spot and is generally a major sign that it is a phishing email.
3. Unfamiliar Greetings
- This is especially useful in the case that someone's email has been compromised or is being "Spoofed".
4. Suspicious Information
- This information can take the form of the sender's email address, their domain (everything that follows the "@" sign), and URL links.
- If an email is asking you to click a link, if you are in any way suspicious of the email, please notify the IT Department immediately to verify it.
5. Requesting Login Credentials or Information
- DO NOT PROVIDE ANY INFORMATION UNLESS YOU ARE CERTAIN IT IS SAFE.
Remember, some of your information is public knowledge that can and will be used against you in these attempts.
Malware/Ransomware:
This will most commonly be deployed through the installation of software OR hardware.
All Hardware and Software MUST be approved for use by IT
- These attacks can originate from many sources ranging from USB drives to PDF Software. Please keep in mind that anything that interacts with any Town device, can potentially contain malicious files.
Other Information:
- Personal devices are Prohibited for work use. If required, IT will provide all necessary hardware.
- Please practice strong password requirements when creating logins for yourself.
If you notice any kind of suspicious activity, notify the IT Department IMMEDIATELY.
Even if it is not malicious, we encourage you to notify us to double-check for you.