October is Cybersecurity Awareness Month, and this year’s theme from CISA emphasizes the importance of securing key areas of our digital infrastructure. Public safety organizations like 911 centers and Emergency Communication Centers (ECCs) play a vital role in protecting communities, which makes their cybersecurity practices critical. One of the simplest yet most effective ways to enhance cybersecurity is through the implementation of strong passwords and multi-factor authentication (MFA).
Importance of Strong Passwords and Protecting Accounts
According to a report from Verizon, 81% of data breaches are due to weak or stolen passwords. For public safety organizations managing sensitive information, such as CJIS data, maintaining strict password policies is essential. By enforcing complex passwords that include a mix of characters and regularly rotating them, 911 centers can reduce the risk of unauthorized access and data breaches.
Did You Know?
- 1/3 of public safety organizations experienced cybersecurity incidents over the past 5 years that impacted communication, including compromises stemming from weak or stolen credentials
- 55% of public safety organizations state they could not maintain adequate security measures
- Over 80% of hacking-related breaches are linked to stolen or weak passwords
Strong Password Tips
- Use long passwords (16+) or passphrases that include a mix of uppercase and lowercase numbers, and special characters
- Use different passwords each time – don’t “tweak”
- Perform regular audits and assessments of password policies and practices to ensure compliance and identify areas for improvement
However, relying on passwords alone isn’t enough in today’s cyber threat landscape.
Adding MFA—which requires users to provide two or more forms of verification—greatly enhances security.
CISA reports that MFA can prevent up to 99% of attacks on critical systems.
By implementing MFA, public safety agencies can create a more secure environment, making it harder for malicious actors to compromise their networks, particularly during times of heightened cyberactivity, such as Cybersecurity Awareness Month.
MFA in Action
- The FBI has mandated all organizations accessing CJIS must have implemented MFA by October 1, 2024
- Many local police departments have started using MFA to comply with CJIS requirements, including RFID badges combined with PIN or biometric identification
What is MFA?
- What you carry
- Keys
- ID card
- Phone
- Who you are
- Retinal scan
- Fingerprint
- What you know
- Passwords
As we recognize Cybersecurity Awareness Month, public safety organizations are encouraged to review their security practices. CISA’s campaign focuses on “Secure Our World” with an emphasis on individual action to improve overall security. For agencies managing critical emergency communications, simple actions like implementing strong passwords and MFA are foundational steps toward improving their cybersecurity posture. You can explore more resources on cybersecurity best practices through CISA’s Cybersecurity Awareness Month page.
Investing in these basic security measures can make a huge difference in the safety and reliability of 911 systems. As cyberattacks grow more sophisticated, it’s vital that ECCs and 911 centers remain vigilant and proactive in their cybersecurity efforts. By combining strong passwords with MFA and promoting cyber awareness, they can continue to provide secure, uninterrupted services to the communities they serve