School Websites and Municipal Websites Are Prime Targets for Hackers
Security is a priority in every 360Civic RFP response. We know hackers target public entities, and have developed simple but effective tools to repel attacks, from two-form identification using mobile phones and email, to hardening contact management systems from attacks.
That said, there are also ways for any public sector entity to minimize the possibility of a security breach – and no IT experience is required.
Here are some common sense ideas on how to better protect your site and your data.
Complex Passwords: The Easiest Public Sector Website Protection
It doesn’t get more basic than this. The stronger the password, the less likely it will be uncovered. Yes, that means using one of those annoying pain-in-the-backside combinations of upper and lower case letters and numbers – the kind of alphabet soup that’s not as easily recalled as your first pet’s name followed by 1,2,3.
If you really don’t want to go that way, another option is to use a sentence you can remember as a password, such as “Donnaismybestfriend” or “IlovetheLosAngelesDodgers.” Then, to add an extra layer of security, replace any one letter in that sentence with a number. In the first example, you could replace the two ‘i’s with the number 8.
These precautions pertain not just to the passwords that public sector personnel use to access the website – the same measures should be taken by these employees on their home computers, tablets and cell phones. If one of these is breached, it could provide enough access to damage the public sector site as well.
Security Patches
Have they been updated? If they are not, that’s an invitation to trouble. Also make certain that your other security policies are being followed, especially with new hires.
Encourage Positive Online Security Habits From Municipal Website, School, Website Staff
We all know (or at least were told once) not to open emails from unknown senders, or click on links that might be suspicious, or download attachments from unfamiliar accounts. But people still do it, every day. These are lessons that should be reinforced often.
Trusted Partners
Your security is only as reliable as the proficiency of the vendor that created your website, as well as any third-party organizations with access to your network (partners, hosts). When outsourcing is necessary it should be preceded by (to coin a presidential phrase) extreme vetting. Make sure these agencies enforce multifactor authentication, require unique credentials for each customer and offer a comprehensive audit trail of all remote-access activity.