Industry Insights: The Basics of Cyber Security for Fire Departments

Ransomware

There are many types of security breaches that can occur including phishing, ransomware, viruses, and trojans. One of the most common and profitable for hackers is ransomware, which works by encrypting a victim’s hard drive, denying them access to key files, and demanding a ransom to decrypt the files and give access back to the user. Just last year, municipal systems in Atlanta, GA were attacked, causing widespread outages that halted many city services. The attackers demanded $50,000 in digital currency and cost the city much more in data recovery costs.³ The damage costs of ransomware are $10 billion in 2019⁴ and attacks are growing more than 350% annually.⁵

IoT Devices

An IoT (internet of things) device is any device that has the ability to transfer data over a network without requiring human-to-human or human-to-computer contact. These devices can be targeted by cyber attackers and if not properly protected, could leak sensitive medical information or even put lives at risk. For example, if an insulin pump were to be compromised, an attacker could alter the data and cause the pump to deliver a potentially lethal dose of insulin. IoT attacks were up by 600% in 2017⁶ and are becoming a greater risk due to the growing number of IoT devices, like smartphones, that can be hacked in as little as 5 minutes.⁷

Phishing

Phishing scammers use email or text message to trick you into giving them your personal information. They may try to steal passwords, account numbers, or Social Security numbers. Phishing emails may even appear to come from a company or person you know and trust. Scammers often create messages similar to what a bank, credit card company, social networking site, or online payment website/app would send. When targeting your fire department, they may send emails that appear to come from mutual aid agencies, non-profit organizations, or the federal government.⁸

Ways to protect your department

Use complex passwords: don’t use the same exact password for multiple accounts. Passwords should be changed every few months.

When using IoT devices: be sure the medical facility has a secure network infrastructure and that equipment calibration verification policies and processes are continuously reviewed and updated. Training should also be provided to users and patients to ensure they’re aware of the risks associated with using an IoT device.⁹

Use cloud-based systems whenever possible: Using a cloud-based system like Emergency Reporting eliminates the need to keep your data on physical servers, which are much more prone to being hacked. This way, your data will be backed up to the cloud and at lesser risk of exposure to hackers.

Raise awareness: 95% of data breaches can be attributed to human error.¹⁰ Make sure your team is aware of the common threats and the importance each person plays in keeping your department secure from cyber attackers. Here are some training opportunities for firefighters:

• NASCIO Cyber Disruption Response Planning Guide
• Federal Trade Commission: Cyber security Basics
• Stay Safe from Phishing and Scams (Quick Video)
• Email Security Awareness Basics (Video)

Protect your data and services: Use features like automated security updates and differentiate access to files and data. You should limit user access within systems like ER to only include the information they need specifically to do their job.

Establish a policy on cyber security: Create a policy to cover basic expectations for firefighters, as well as some best practices for cyber security. It should cover what to do if a data breach has been discovered. Here are a few templates to get you started:

• Cyber Security Email Phishing Precautions Sample SOG (VFIS)
• Data Security for Emergency Communication Centers Sample SOG (VFIS)
• Data Breach Precautions Sample SOG (VFIS)
• Cyber Security Policy Template (General)

In general, utilizing software providers that care about security is imperative. Choose providers that are knowledgeable about how their product keeps data safe, and hosts in environments that are focused on the same. Emergency Reporting software is hosted in the Microsoft Azure secure environment, and is trusted by many government agencies including the United States Army and the National Institutes of Health Division of Fire and Rescue Services. Please click here If you’d like to try out our system for free and please contact us with any questions.

If you would like even more tips or want to read up on other cyber security risks, check out this guide from the American Military University. To learn more about how Emergency Reporting can help with your data security, click here.

About Emergency Reporting

Emergency Reporting (ER) offers a powerful, cloud-based records management software (RMS) solution to Fire/EMS agencies worldwide. Founded in 2003, ER empowers first responders with secure, easy-to-use station management tools that offer one-report filing of NFIRS and NEMSIS data. ER’s affordable SaaS solution allows Fire/EMS departments to run their entire operations efficiently and effectively, enhancing both firefighter and citizen safety. ER is proud to support more than 484,000 first responders at thousands of civilian Fire/Rescue and EMS agencies and DoD/military installations, as well as large entities with self-contained Fire/EMS services such as NASA, nuclear power plants, hospitals, and oil refineries. For more information, visit emergencyreporting.com.

Resources:

[1] Clark School at the University of Maryland

[2] https://www.firehouse.com/home/news/12374041/what-firefighters-fire-departments-can-do-to-combat-hacking-malware-ransomware-firefighter-news

[3] https://www.wired.com/story/atlanta-spent-26m-recover-from-ransomware-scare/

[4] Cyber Defense Magazine

[5] Cisco

[6] Symantec

[7] NETSCOUT

[8] https://www.fdhacks.com/blog/fire-department-cyber-security-basics

[9] https://www.iafc.org/docs/default-source/1comm-tech/protecting-against-cyberattacks-magazine_final.pdf?sfvrsn=584e810d_0

[10] Cybint Solutions