Pinnacle: Is Your Organization Ready for a Cybersecurity Attack?
During his presentation “Digital Disruptions—Are You Next? Cybersecurity for EMS and 911” on Aug. 10 in Boca Raton, Fla., Frank Gresh, MS, said, “Information is an asset which needs to be protected.” Information security is a necessity to any organization’s stability. It entails more than just IT security—it’s a system that maintains the confidentiality of employees and patients and the integrity of the organization.
Establishing high-security protocols is vital to protecting the information collected by critical infrastructures within society, including 9-1-1 systems, dispatch centers, radios, warning systems, power grids, water supplies and transportation systems. Breaches of these infrastructures could be severely detrimental to a community.
Security breaches in EMS and governmental agencies would expose critical information such as plans, budgets, trade secrets, financial data, and patients’ private health records, violating HIPAA. It’s important to recognize that protecting this information is not just the responsibility of the IT department or the top officials of an organization. It’s everyone’s responsibility, said Gresh. Everyone must be actively aware of their online activity, which includes judging the safety of where they enter their own or their organization’s information and being mindful of potential scams they come across.
Attack vectors that hackers use to breach a security system include email, web browsers and downloads, intrusions through exploited firewalls and compromised machines, and poorly engineered systems. Gresh emphasized the importance of installing high-quality virus scanners on all computers, particularly for the email accounts of important points of contact who receive many emails from unknown senders, so that scammers can be filtered out.
Gresh encourages agencies to stratify technological defenses and prioritize which data is most vital to be protected against breaches. EMS agencies have several major items to protect: private health information, payment transactions and credit card information, employee personal information, and the agency’s website and social media accounts.
Leaders can also implement simple protection measures in addition to heavier-duty measures, like sending monthly or quarterly emails to employees reminding them not to open emails, attachments, or links from unknown senders.
While great security measures can be put in place, there is always the chance that a system can be breached. With this in mind, agencies must also have a plan of action in the event that this occurs. Civilians are still counting on your services regardless of any security breaches you may be facing. “On our worst day, we still need to be at our best,” said Gresh. “People will still be calling 9-1-1. There are no excuses in EMS.”
Gresh also provided a list of security frameworks that agencies can implement, including NIST, COBIT, ISO 27001, and ITIL. He also encouraged taking advantage of available cybersecurity experts for guidance on security measures.
Remember that it is everyone’s responsibility to maintain a strong cybersecurity network in order to maintain the integrity and availability of your agency. Keep in mind that cyber threats come in various forms, and have a plan in place to manage those risks and potential breaches. And most importantly, “Don’t be afraid to ask for help,” Gresh said.