Cybersecurity for fire departments on a budget is a relatively new topic for the fire service over the last decade. More now than ever, fire departments are relying on an ever-growing amount of technology. The roles and responsibilities of firefighting have evolved as technology has been integrated into the fire service. This comes with its benefits, but it also opens avenues for risk, and to add more complexity, this technology has to be secured. This could be a difficult feat to manage for any fire department, especially in an era when volunteer fire departments are working with the fewest number of volunteers ever, limited time and resources, and fire departments on a budget. These are some steps that could be taken for fire departments to improve their cybersecurity measures:
Start with your people
Difficulty: Easy 🟢
Training your members is a great place to start since your organization’s members are your best first layer of defense. This is one of the easiest and most effective ways to improve your fire department’s cybersecurity.
Some topics that can be covered through membership training could be to alert others of suspicious activity such as unsolicited phone calls, suspicious email messages or text messages that sound too good to be true or ask for personal information.
This training could also focus on your organization’s procedures when bystanders or the news and media ask for information about a call that your fire department responds to. Another training element could focus on how your members use social media and awareness to be careful about the information that they post especially while on-scene. This could even open up discussion on establishing a social media policy, SOP/SOG to define acceptable standards of conduct. Your organization could establish an approval process before any information is posted on social media regarding an emergency response.
Another topic could be based on identifying spam emails and being cautious about unsolicited emails before opening files or if they find a flash drive on the ground, not to plug it into a fire station computer as this could be a way that your organization’s computer network could be unknowingly infected with malware.
Physical Security
Difficulty: Easy 🟢
Another cybersecurity measure for fire departments on a budget could be done by limiting physical access to certain areas of your fire station. Simple measures could be taken such as ensuring exterior doors and windows are locked and not left open, office spaces and conference rooms are locked when they are not being used, EMS storage cabinets are locked when not in use.
While responding to a call, if your fire station’s truck bay doors are left open, there should be someone stationed at your firehall ready to close the truck bay doors or to make sure the general public doesn’t enter your fire station unsupervised. Another element that could be evaluated is to protect any personal or patient health information (PHI). This can be done by storing any documents containing PHI in a secured area and out of sight when not being used and not leaving patient care reports (PCRs) out in the open or sitting on a desk. Anything containing PHI should be shredded after being used and never put in the trash can.
Network Security
Difficulty: Easy 🟢
Network security is an effective component to improve cybersecurity for fire departments on a budget. Manufacturers have made the process to install wireless internet Wi-Fi routers easier and more convenient without necessarily focusing on cybersecurity.
A simple measure to improve your network security can be done by configuring a Wi-Fi network with a secure password that only your fire department members know.
Another step is to completely turn off guest Wi-Fi. A misconfigured guest wireless network could inadvertently allow the general public to connect to the same network that your fire department devices are connected to. This creates an avenue of risk that if someone from the general public connects to your guest network and has malware on their device, this could infect your fire station computers and cause layers of issues.
If your organization has to host a guest Wi-Fi network, make sure that your organization also has a separate fire department Wi-Fi network and that your fire department computers and devices do not connect to the guest wi-fi network.
Protecting the network and wireless internet is a great protective layer to improve your fire station’s cybersecurity.
Use Strong Passwords
Difficulty: Easy 🟢
Your passwords are a first-level defense to protect your login accounts. Avoid using easy to guess passwords or using the same password for every account. If one of your passwords is stolen, it could be a daunting task to go through each account to change the password. Also, avoid writing passwords on sticky notes and storing them near the computer since anyone can find that and login to your account without your knowledge.
Multi Factor Authentication (2 Factor, 2-Step Verification)
Difficulty: Medium 🟡
Multi-factor authentication (also called 2-step verification, 2-factor or MFA) is designed to add an additional layer of security to protect your user accounts. This adds a second step of identification after you login using your username and password.
MFA works by sending a random number to your phone via a text-message or phone call after you login with your username and password. Once you type in the number, your account will fully login. If someone stole your username/password, this is an additional step that will prevent them from fully accessing your account since they will not know what the MFA code is without having your phone. There are also mobile apps called Google Authenticator or Microsoft Authenticator that provide this MFA number. MFA should be turned-on for all of your accounts.
Antivirus
Difficulty: Easy 🟢
Running antivirus on your fire station computers is a quick and easy cybersecurity measure to defend your computers/laptops against malware or viruses. Almost all antivirus applications are easy to install and automatically run in the background to scan files periodically and can automatically scan files downloaded from the internet.
Recommend Antivirus Software:
Data Backups
Difficulty: Hard 🔴
Backing up your data is a very proactive way to be prepared for your technology to fail. At any time, a computer system could crash, a power surge could burn out your devices, a water main break could flood a portion of your building, or even worse your organization could be infected with ransomware. Unfortunately, more and more organizations are being targeted with a form of malware called ransomware that locks your data and demands a large amount of payment to give your data back. There are different types of backup solutions that either store data locally or in the cloud depending on your organization’s needs.
Recommend Backup Software:
Acronis – this software can back up your computers onto an external hard or flash drive so you can store your backups locally at your fire station
Install System Security Updates
Difficulty: Easy 🟢
Keeping your computers, tablets and phones up to date by installing windows updates, IOS updates or android updates is an easy way to protect your systems against new cybersecurity threats. Security updates are typically released weekly, monthly or sometimes urgently depending on the purpose of the update. Most of the time, you hit the update button and have to wait a few minutes and then it is done.
Turn on Location Service on Fire Department Owned Devices
Difficulty: Hard 🔴
Location services are an effective way to keep track of where your fire department’s technology devices are or to respond if a device is lost or stolen. Most modern devices have free built-in apps that let you mark a device as stolen, lock down the device to prevent it from being used, remotely delete all data on the device, or to activate an alarm sound. These steps should be documented or practiced so your members know how to use location services and when they should be used.
Turn on Device Drive Encryption
Difficulty: Medium 🟡
Disk encryption or hard drive encryption automatically encrypts your fire department’s data to securely store it on your device. Encryption means that your data gets locked and unlocked using a key when data is stored – similar to how you use a key to lock a safe. This prevents anyone from accessing data without having the key. This is a very proactive way to make sure your fire department data and files are protected if your organization’s device is lost or stolen. Most modern devices have free built in features that can turn on disk encryption.