How secure is your online information? According to the digital security experts at Norton, roughly 2,200 cyberattacks happen every single day. That’s a cyberattack every 44 seconds. In today’s digital-first age, security has become more critical than ever. With an increasing amount of personal and professional data stored online—from digital wallets to security logins to medical records—protecting your information is essential to preventing hacks, identity theft and more.
At the Fort Collins-Loveland Water District (FCLWD), ensuring the security of our infrastructure, water and customer data is paramount. But we also recognize that we’re only as strong as our community. Security is a collaborative effort that requires active participation from users, too. This means raising your own personal awareness of risks, taking the appropriate steps to protect your personal information, staying vigilant in reporting suspicious activity and working closely with the FCLWD should any issues or concerns arise.
Working together is how we maintain District security, so we tapped FCLWD’s IT and Data/Systems Manager, Eric Dowdy to give us a rundown on security efforts within the District, as well as tips, tricks and best practices for you at home.
Why is Online Security Important?
Online security is important because it helps protect sensitive information such as personal identification and financial details. It also prevents any loopholes from openings that hackers can exploit.
Good online security efforts lower the risk of malicious online activities like hacking and phishing, which can harm both individuals and organizations. An ongoing vigilant approach to online security helps maintain privacy, prevent identity theft and keep the integrity of online transactions and communication intact—all of which is good for FCLWD customers, the District and the health of our water supply.
What is the FCLWD doing to maintain security?
According to Eric, the District has implemented significant, ongoing measures to protect FCLWD systems and customer data, going beyond what other water districts typically do. That involves a layered security approach, as well as continually working to evaluate and improve cybersecurity by adhering to best practices and seeking advice from experts in the field.
“We’re all in this together and take it seriously that we play a big role in protecting customer data,” says Eric.
So, what does the District do to protect customer and district data and stay vigilant against potential threats?
- Implements Best Practices: The District focuses on cybersecurity best practices such as enabling two-factor authentication (for our internal team), monitoring network logins and using sophisticated endpoint detection and response programs. We also conduct annual penetration tests and backup customer data in a secure manner.
- Continuous Evolution: Evolution is key in the race to stay one step ahead of hackers. For its part, the District is planning to increase our cybersecurity insurance limits based on a stronger foundation of cybersecurity practices required for the insurance underwriting process. We also consult with experts in the field on current best practices and next steps we should be taking or considering.
- Guidelines and Standards: Eric notes that the District rallies around standards provided by the National Institute of Standards and Technology (NIST). We anticipate that these guidelines may become formal requirements in the future and are diligently working to stay ahead of the curve.
- Company Culture: Perhaps most important for ongoing success, the District has made cybersecurity a priority in company culture. We take our role as the protectors of customer data seriously and have a culture of “all in this together.” In addition to hardware and software systems continually updated in the background, we also do monthly phishing training for all employees to keep everyone up to speed.
- Continue Work with the State of Colorado’s Cybersecurity HSAC Subcommittee: The District is a member of the H-SAC sub-committee, a diverse group of jurisdictions, agencies and individuals who work in the IT space. The purpose of the committee is to help in the identification, development and implementation of improving cybersecurity best practices for the state.
“This is a great opportunity because we’re plugged in at the state and federal level to get the best cybersecurity recommendations and support,” says Eric.
Now that you know what the District is doing to protect data and operations, let’s take a look at what you can do at the customer level.
What can customers do to maintain security?
According to Eric, about 90 percent of all hacks that occur are the result of what we do, or don’t do, as individuals. Those are often the result of weak login credentials, use of public networks or terminals, phishing and more. So, what’s a customer to do? Here are a few tips from Eric.
- Think before you click: Eric recommends that you’re extra-cautious when clicking on links—especially links in your email, text messages or on social media. Scammers regularly pass around malicious URLs that can auto-download ransomware or open you up to other potential cybercrimes. Regardless of whether a site, link or email looks authentic, Eric recommends validating anything before engaging with it, especially if it’s from an unknown source. This can be as simple as hovering over an email address or link to verify the target destination is credible. If you’re still not sure about whether it’s credible, err on the side of caution and don’t click. You can always reach out directly to the contact to confirm validity. For example, if you receive an email from the District with a link you’re not sure about, call us. Always remember, the District along with any credible organization will never ask for personal information such as account numbers, passwords, social security numbers, etc.
- Enable two-factor authentication: Adding an extra layer of protection to verify your identity when logging in to your online accounts is always recommended. This is called two-factor authentication (or 2FA). Two-factor authentication helps to add an extra layer of security to your accounts and makes it that much more difficult to hack by combining something you know (your password) with something you have in your possession (such as an authenticator app on your phone, a code that’s texted to you, etc.). Enable two-factor authentication on all accounts where possible starting with your most sensitive accounts first.
- Software and Hardware Updates: Keep up with software and hardware updates on computers and phones to eliminate any weaknesses. This is important because hackers can more easily access older versions.
- Monitor Your Connections: Pay attention to where you’re connecting and ensure that the connection is secure. For instance, if you’re connecting on a public network (like a coffee shop, library or the airport) refrain from logging into personal accounts, such as your bank account, as the network could be monitored by bad actors.
- Protect Your Phone: Security doesn’t end at the desktop, so it’s important to protect your cell phone, too. Your phone is an amazing tool for communication and entertainment, but it also holds an incredible amount of your personal data meaning it’s another endpoint for hackers to target. Eric recommends investing in an anti-malware program that covers your family’s computers and phones; there are great programs available for a reasonable cost.
- Use a Password Manager: While it’s certainly easier to remember a short password you use everywhere, it also makes your accounts much easier to hack. Eric always recommends using a different password for every login as well as utilizing longer passphrases. Worried about remembering all those passwords? A password manager is a great way to store and keep track of passwords to keep them safe and secure.
- Backup Your Data: Backup your data to somewhere other than your device, such as the cloud, and make sure the passwords for your backups are two-factor authenticated. Unfortunately, hacking can happen to anyone, at that point, it’s all about resiliency. In other words how quickly you can get back to your data. Backing up your data will enable you to get back up and running faster.
If you can do all of these things, your cybersecurity hygiene will be top-notch! If this list feels a little overwhelming to tackle all at once, Eric recommends focusing on the first three: think before you click, enable two-factor authentication and keep up with software and hardware updates. If you can do those three things, you’ll reduce your risk substantially.
Questions? Contact the District!
We’re all in this together! If you have any questions about how to better ensure that your FCLWD account is secure, don’t hesitate to contact us. We also have information on how to set up your secure paperless account, pay online and more. Utilizing online bill pay and ACH payments is a more secure way to access your account with us and pay your bill.