Cybersecurity at the City of Long BeachRelease Date: 2023-10-02
Technology is deeply intertwined with our lives today, from mobile to connected home devices, computers, and more. As technology evolves, cybercriminals are working fast to find ways to compromise technology and disrupt personal and business life. Cyber risk management has become a top priority for the City of Long Beach as the number of cyberattacks has increased over the last few years. The City uses many strategies to secure infrastructure, devices, and networks. The Technology and Innovation Department is involved in the following cybersecurity mitigation efforts:
- Implementing a comprehensive cyber security awareness program for all City personnel.
- Sending regular cyber tips and tests to City employees to maintain and create awareness of the latest cyber threats.
- Shoring up our cyber security systems using scanning software that reviews incoming emails for threats.
- Completing regular risk assessments based on industry standards to make sure the City maintains a strong security posture.
- Actively working to help shape security behaviors, technologies, and practices.
- Continually implementing and updating cybersecurity standards.
- Implementing new technology to protect the City’s networks and systems.
- Partnering with stakeholders, including the Department of Homeland Security and other regional partners, to continually identify opportunities that significantly advance cybersecurity.
- Obtaining and exchanging threat intelligence information to stay informed of potential cyberattacks by threat actors.
As part of this year’s National Cybersecurity Awareness Month, the Technology and Innovation Department encourages the business community and residents to stay alert to malicious cybersecurity trends. Secure our World is the theme for this year’s Cybersecurity Awareness Month.
Cybersecurity Awareness Month continues to build momentum to provide everyone with the information they need to stay safer and more secure online. The City of Long Beach supports this online safety awareness and education initiative.
CYBERSECURITY INFORMATION FOR THE SMALL BUSINESS COMMUNITY
The following tips can help safeguard a business from malicious cyber activity regardless of industry or size.
- Train employees in security principles to prevent cyberattacks, including spotting phishing emails, protecting vendor and customer information, and enabling authentication tools.
- Enable Multi-Factor Authentication (MFA) that requires personnel to provide additional information, more than just a password, to gain access. Work with your vendors that support and manage your technology on implementing MFA.
- Maintain data backups with at least one copy in a secure location offsite from the business location.
- Ensure all software is updated regularly by enabling automatic patch updates to ensure systems are secure from the most current threats.
- Develop an emergency operating plan in the event you cannot access your systems and data for an extended period of time.
- Work with your CPA and an independent cyber security consultant to test your systems regularly to ensure they are secure. Typically, CPAs can refer you to reputable cyber consultants.
- If you are a business providing guest Wi-Fi for your customers, ensure your guest Wi-Fi network is separate from your business/financial network. Your internet service provider can help you partition the network.
- Implement a mobile device action plan by requiring users to protect their mobile devices with passwords to prevent sensitive information from being stolen while using public networks.
The Federal Communications Commission (FCC) has resources, including a free customized Cyber Security Planning guide, to help small businesses protect themselves from cybersecurity threats. The Cybersecurity and Infrastructure Technology Agency (CISA) has additional resources to download through the CISA Cybersecurity Awareness Program.
CYBERSECURITY INFORMATION FOR INDIVIDUAL COMMUNITY MEMBERS
Considering and addressing cybersecurity issues is essential as technology becomes integral to personal and business lives. Taking precautions will help secure personal information. There are many ways to address these issues, such as:
PROTECT YOURSELF ON THE GO
Today, most of Long Beach’s community members are using mobile devices. We use them to access our banking institutions, shop online, and connect with family, friends, and professional colleagues through social networking. Most of these activities require users to provide personal information such as their names, account numbers, addresses, email addresses, and passwords. Moreover, apps routinely ask for access to data stored on the device, including location information.
In addition, the use of unsecured, public Wi-Fi hotspots has increased dramatically over the past few years. Wi-Fi hotspots are now accessible in various public spaces, such as airplanes, in coffee shops, shopping malls, and at sporting events, to name a few. While continued access to the Internet provides us with more flexibility and convenience to stay connected, it can also make us more susceptible to exposure. The more we travel and access the Internet, the more risks we face on our mobile devices.
No one is exempt from the threat of cybercrime, at home or on the go, but you can follow these simple tips to stay safe online when connecting to the Internet from a mobile device:
- Think Before You Click. Since phishing scams are the top way people get hacked, they should be your top priority in terms of security awareness. You can spot most attacks by looking for common warning signs. These include suspicious links or unexpected attachments in messages, random requests for confidential information, and threatening or urgent language. Think before you click!
- Use Strong Passwords. Cybercriminals often use password-hacking software that can easily crack weak passwords in minutes, sometimes even seconds. Cybercriminals then get access to online accounts, which allows them to steal data or money or leverage social media profiles for malicious purposes. Don’t let it happen to you. Ensure every password is several characters long and unique to each account.
- Avoid Social Engineering. Not every attack involves sophisticated technological processes or software. Sometimes, the easiest way to hack someone is by simply misleading them. That’s the main idea behind social engineering — deception and psychological manipulation. Avoid this by staying alert, never assuming someone is who they claim to be, and treating any request for money or confidential information with skepticism.
- Update Your Software. Failure to run updates equals failure to patch critical security vulnerabilities. Cybercriminals can use those vulnerabilities to steal valuable information or infect devices with malware. In your personal life, it’s best to enable automatic updates whenever available so you never miss a critical security patch. At work, follow the policy for how and when to install updates.
- Know Your Phone Apps. Popular app stores have implemented rigorous processes to identify and eliminate malicious applications. Unfortunately, it’s still common for malicious apps to find their way to the public. Before installing anything, always do some research. Take a few minutes to review how many downloads an app has and ensure the developer is trustworthy. For work-issued devices, never install any software without explicit permission.