A closer look into Pocatello’s cybersecurity
After a breach that left Pocatello utilities customers’ financial information vulnerable to hackers, the City is beefing up its’ cybersecurity.
The breach affected more than Pocatello, because it happened through the City’s third-party billing portal, Click2Gov.
Eight cities across the U.S. were hacked in the company’s second security breach, according to the tech magazine, Wired.
The City said only customers who made a one-time payment between July 29 and Sept. 7 were affected by the breach.
The FBI is handling the investigation and the city is working to improve it’s cybersecurity.
“We’ve worked with a third party vendor, we’ve tightened up all our security on that, we’ve rebuilt that server, 100% as secure as we can make it now,” said Chris Sorenson, the City’s Chief Information Officer. “Again, you’re always living at risk even though you have everything tightened up, but we believe we have it as tight as we can have it under the current and existing recommendations and standards.”
Sorenson said his team acted as quickly as possible once they learned of the breach.
“When you look at the standards for data breaches, usually most data breaches take five to seven months to even know it happened. We caught it while it was still happening,” Sorenson said.
For the past five years, Sorenson’s priority has been cybersecurity. He’s asked City Council to create a cybersecurity position multiple times, but continues to get turned down.
“It’s been on my budget presentation for the last two years and will continue to be so until we fill it,” Sorenson said.
The City is taking a fiscally conservative approach to the budget development. Some 76 percent of the City’s budget is allocated to personnel. Mayor Brian Blad said that adding an extra position of any kind would stretch the budget even tighter.
“It’s because we just don’t have the money. Anything we take in taxes and pay them, we take from somebody else, so we’re pretty serious about not taking more than what we need to take,” Blad said.
To protect the City and its customers’ data, the City works with the Multi-State Information Sharing and Analysis Center, which monitors the City’s network and notifies the City as soon as there’s been an attempted intrusion.
“We probably get pinged about 3 million times a month,” Sorenson said. “We block them most of the time, occasionally someone gets through, and things happen.”
Sorenson said the City is also implementing two-factor authentication for employees to access the network and is focusing on cybersecurity education.
“We live online now, everything we do is online, everything about you is online. All your finances are online. All your personal information is out there, and if you’re not careful in how you protect it, somebody’s going to get ahold of it,” Sorenson said.
Some tips from Sorenson about how to protect your information online include using strong and lengthy passwords, using two-factor authentication and avoiding oversharing online. He even suggests leaving your birthday off social media.
For more tips on how to protect your data, click here.
If you’ve been hacked, some tips on what to do next can be found here.
The City of Pocatello 2020 budget can be reviewed here.