It’s a fact of life in 2019 that cyber threats are everywhere. We know that we need to set strong passwords on our email, encrypt connections to our banking, healthcare, wifi, and even lockdown our social media accounts.
So, why should your emergency notification system (ENS) be any different?
A breach of your email or social media could be embarrassing.
A breach of your bank account could be inconvenient and very costly.
A breach of your emergency notification system could be even worse. It could reduce confidence in real alerts or even put your community in real-world danger by causing a panic.
What can you do to help ensure that a hacker doesn’t compromise your ENS?
Anything connected to the outside world can get hacked. The Internet isn’t the only threat. That is a fact of life in the modern world. If you can reach your ENS from the outside world by any means, a hacker can and probably will try to hack into it at some time. Some hackers are just curious, but many can and will do serious harm if they get in.
Unless you unplug everything, rendering all systems totally useless, you’ve got real risks to mitigate.
So, we know that “100% unhackable” is likely not realistic. With this in mind, let’s focus on making your ENS really hard to hack.
If you make hacking difficult, it’s not worth the effort. We call this “hardening” the system. Hardening is the key. The goal of your ENS security should be to make hacking no fun for the hacker.
6 tips to harden your emergency notification system:
1. Keep software up to date
Make sure any servers or software used for your emergency notification system is kept updated. If it’s on-site, your administrators should subscribe to email lists and announcements so that they’re ready to test and apply security patches when they come along.
If your ENS is a hosted “Software as a Service”, like Omnilert, make sure your vendor is keeping their systems updated.
An unpatched server is a hacker’s best friend.
2. Beware of outdated technology
The Internet isn’t the only threat when it comes to hacking. Lots of older physical systems, such as sirens, radio pagers, and overhead paging systems, were built before hacking was really an issue. Many older systems simply don’t or cannot keep up with the times and thus have gaping holes exposed through connections to public telephone networks or radio signals.
All physical systems connected to your ENS should be reviewed regularly for possible security holes and kept updated accordingly.
3. Your ENS is only as secure as your weakest password
Like any critical system, you should use good, strong passwords, especially for your powerful administrative logins. Longer is better. Be sure to use a mix of letters, numbers, and symbols. Most emergency notification systems, like Omnilert, offer options to enforce strong passwords. Turn those features on.
You should also consider a policy to require all passwords to be stored securely, never shared, and changed regularly. You may also benefit from using one of the various "password manager" services available.
4. Change your password often
Administrators should be encouraged to change their passwords on a set interval. Old passwords should not be "recycled". (Omnilert includes functions to enforce password changes accordingly.)
5. Use separate logins for "day-to-day" and "super" admin access
Most systems allow you to keep your main administrative and day-today accounts separate.
If your day-to-day tasks don't need full access to your whole ENS, then set up a restricted account for daily use. Keep your "super" access secured with a very strong password and use it sparingly. This way, if your day-to-day password gets compromised, the attacker can do less damage.
6. Don't leave critical documents unsecured
You may have the best passwords and encryption on the planet, but if the main password is on a sticky note in the lobby, you're primed to get hacked. Always shred critical documents, such as outdated emergency response plans, password sheets, etc. before tossing them in the recycle bin. Hackers can and do love to "dumpster dive".
I hope nobody out there ever gets hacked. Follow these tips and you should be less of a target for the would-be hackers and cyber attackers out there. As long as we live in an interconnected world, we all need to take precautions to keep the bad guys out of our critical systems.
To continue your knowledge of ENS tips and insights, download the Insight ENS Testing Best Practices.