• Honoring The Fallen
  • Publications
  • Subscribe
  • Advertise
  • Forums
  • Contact Us
    1. Command/HQ
    2. Technology

    Basic Cybersecurity for Law Enforcement

    Nov. 2, 2023
    Police departments and law enforcement agencies cannot ignore the existence of cyber-crimes and the threat they pose.
    pixabay.com/illustrations/security-computer-protection-hood-6901712/
    65438b78a88225001efc624c Security6901712 1280

    In June 2023, several Federal agencies were the victims of a global cyber-attack. Hundreds of US companies and organizations could have also been affected. The cybercriminals are part of a hacking group that usually ransoms the hacked data, but this incident exploited a vulnerability in software used to transfer data. The Federal agencies impacted, such as the Department of Energy, immediately began to work with law enforcement and the US Cybersecurity and Infrastructure Security Agency (CISA).

    Hoping for payment, the hackers listed the companies they hacked, including universities, encouraging those affected to pay the ransom to remove their data. Law enforcement is used to handling reports of cybercrime when citizens let someone from tech support into their computer remotely or when people respond to phishing attempts for their credit card or banking data. And police officers read the bulletins about the latest cyber-scams. But are we doing all we can to protect law enforcement’s data and systems from cybercriminals?

    Safe design

    Law enforcement facilities are meant to be secure. And with the numerous layers of security, staff may think the computers they use are also safe. Facilities must secure their technology areas with physical building security. Law enforcement also needs to secure their network and systems that access the network, lowering the chances of ‘cyber intrusion.’

    • Access to the network, especially administrative network areas with sensitive information, should require multi-factor authentication.
    • Anti-virus software and all software should be kept up to date, and information technology (IT) staff should be aware of updates to hardware and software and potential cyber threats.
    • IT staff should also restrict remote access and monitor network activity.
    • Ensure information and data backups are done regularly and available if needed during a cyber-attack.

    To help combat cyber incidents, CISA provides guidelines and training resources for law enforcement and resources to help raise community awareness about avoiding cybercrime and increasing cybersecurity.

    Best practices 

    In many law enforcement agencies, IT staff handles the overall safety and security of the systems and data. Users can also do their part to protect the system from cyber threats. 

    • Do not click on suspicious links or attachments that require downloading something to open a file. If you feel an attachment or link may be legitimate, but you’re not certain, ask IT staff to be sure it’s not a phishing attempt.
    • Use strong passwords and keep your passwords safe. Ideally, use a different password for each login. Ask IT staff about using an approved password keeper if there are multiple passwords to remember.
    • Avoid using personal devices – phones, tablets, laptops – for law enforcement. Using a personal device on a public Wi-Fi or hotspot could open it up to hacking, and the hackers could find sensitive information if the device were used for law enforcement purposes. It is good practice to make sure your personal information does not become part of an investigation if your records are subpoenaed as part of the investigation.
    • Protect your multi-factor authentication devices and notify the appropriate technical security if the device is no longer in your possession.

    Preparation is key 

    Cyber-attacks happen more frequently than we may think. The Center for Strategic & International Studies, a nonprofit research organization, lists significant cyber incidents. These incidents tracked and listed focus on “… cyber-attacks on government agencies, defense, and high-tech companies, or economic crimes with losses of more than a million dollars.”. 

    In September 2023, 16 worldwide incidents were listed, including posting details about Australian federal police officers on the dark web. Cyber-attacks and intrusions will become more common, making cybersecurity in critical infrastructure, including public safety, essential.

    In the June 2023 hack mentioned at the beginning of the article, a dark website used by the hacking group claiming responsibility did not include any data from Federal agencies. According to the CNN article, the website did have this message in all caps, “If you are a government, city or police service do not worry, we erased all your data. You do not need to contact us. We have no interest to expose such information.” In this instance, law enforcement agencies were not targeted but could have been. Everyone must remain vigilant about doing their part to keep law enforcement data and systems safe.

    About the Author

    Toni Rogers

    Toni Rogers is a freelance writer and former manager of police support services, including communications, records, property and evidence, database and systems management, and building technology. She has a master’s degree in Criminal Justice with certification in Law Enforcement Administration and a master's degree in Digital Audience Strategies.

    During her 18-year tenure in law enforcement, Toni was a certified Emergency Number Professional (ENP), earned a Law Enforcement Inspections and Auditing Certification, was certified as a Spillman Application Administrator (database and systems management for computer-aided dispatch and records management), and a certified communications training officer.

    Toni now provides content marketing and writing through her company, Eclectic Pearls, LLC.

    Email

    Continue Reading

    Sponsored Recommendations

    Voice your opinion!

    To join the conversation, and become an exclusive member of Officer, create an account today!