Cybercriminals are a growing threat to government and law enforcement—holding municipal and police department internet systems hostage for ransom, stealing valuable information, and endangering public safety.

Law enforcement agencies are a target for hackers, especially hackers interested in stealing or compromising data, and some departments are especially vulnerable because of outdated technology or inadequate training. Stopping these criminals isn’t easy, but there are ways to increase security and minimize risks.

Police departments’ unique vulnerabilities

In addition to searching for the identities of witnesses and other critical policing data, cybercrooks can tamper with evidence storage systems and spoof email accounts of vendors and government agencies, sending fraudulent emails requesting wire transfer payments and employee W-2 information. They can even lock down the department’s entire system in a ransomware attack.

But chasing these bad guys is virtually impossible, because they themselves are virtual—invisible and often far from their victims, possibly on the other side of the world, posing daunting technological as well as jurisdictional challenges. These challenges mean adequate prevention is more important than any response.

Prevention is the best defense

The front line on data security is high quality technology, enterprise level anti-virus and malware software with a centralized dashboard of all devices and notification capabilities, which is upgraded regularly. But even with the best software or programs, hackers can still get in.

As Mark Gowen, the Information Systems Security Officer for the COPS Office, says, “There is no such thing as 100 percent safety from cybercrime. You must always be on the lookout for threats. What’s most important is an up-to-date system and a culture of cybersecurity, ensuring that all your people are well aware of the threats and what they must do to protect themselves and the department.”

Gowen maintains that delegating the right person to be responsible for this is critical. “Cybercrime is an ever evolving threat, and an agency can’t keep ahead to adequately protect themselves without somebody dedicated to the task,” he says.

Sources for no-cost training and support

An information security manager will require professional training to effectively manage security and train others in the department, Gowen adds. “But the cost of prevention is far less than the cost of recovery, financial and otherwise.”

There are a number of sources for training, including the following:

• The FBI’s web site for cybersecurity resources and information, much of which is accessible to agencies through participation with the Cyber Shield Alliance (CSA), an FBI cyber security initiative for law enforcement
• The International Association of Chiefs of Police’s (IACP) online Law Enforcement Cyber Center
• The National Computer Forensics Institute (NCFI), which partners with the U.S. Secret Service and U.S. Department of Homeland Security, providing training for state and local law enforcement in network intrusion, digital forensics, and other issues
• The U.S. Department of Homeland Security’s no-cost security assessments for law enforcement departments
• The Law Enforcement Cyber Center (LECC) Cyber Report Card, the Cyber Resilience Review (CRR), and the Cyber Hygiene (CH) Program, a technical assessment scanning of internet accessible systems for known vulnerabilities and configuration errors

Multifactor authentication and other security procedures

But there are also behavioral modifications that can increase departmental security. Everyone must protect and update passwords; shred confidential documents; and be vigilant about their laptops, cameras, and USB drives.

The most effective way to protect against this is Multifactor Authentication (MFA), a two- or more-step authentication process, in which users must provide a special code or use a passkey or card in addition to their password.

Recognizing and reporting intrusions

Most important, all personnel must immediately report any suspected malware intrusions or breaches of security—even if they aren’t sure but just think something doesn’t seem right. To help your people respond, provide guidelines on how to recognize and respond to threats.

Gowen recommends testing personnel by sending fake emails that look real to all personnel. Those who open them and click on links or attachments get a warning not to open emails from unverified senders.

Spotting malware

Electronic threats most often come as malicious software, or malware, which can infect computers and networks. Malware can be detected several ways. Your computer's operating system may slow down so that it takes longer than usual to perform basic actions. Or your web browser’s behavior may change. Popups that keep appearing and can’t be closed are another sign.

Be especially wary of popups warning of security threats, as these may be ploys to trick you into downloading malicious software. Avoid clicking to close them. Instead, close them from the system tray area or windows taskbar with a right mouse click.

Preventing phishing, watering-hole attacks, and spoofing

Phishing is the most common way thieves access sensitive information and infect computer systems. These scams often come as emails and social media contacts designed to lure you into clicking links or visiting fake websites that contain malware.

Phishing scams are often presented as urgent requests with dire consequences for not replying by clicking the included link. Typically, they appear to come from corporations rather than specific people at the company and use either no salutation or a generic one like "officer" or "employee.” To see the true destination for the link, hold your cursor over the URL.

In a watering hole attack, the perpetrator infects a frequently visited website with malware to gain access to the victim’s network. Unsuspecting visitors may download the malware or offer personal information to the attacker without knowing it. Spoofers send emails in the name of an individual, company, or institution known to the victim.

If all else fails, backup is critical

If a hacker is successful in locking down or compromising your network, a backup system and recovery plan can provide the ability to quickly restore the department’s operating system and all of its data. If there is recovery system and plan already in place, the designated IT person can react quickly.

The threats are numerous and varied, and these criminals are technologically savvy. Police departments and sheriffs’ offices should expect to be attacked at some time; but as in all effective crime fighting strategies, being prepared, vigilant, and well-armed—in this case, with strong security practices—is your best defense.

Faye Elkins
Sr. Technical Writer

Tweet