NEW MILFORD — About 100 days ago, the town’s information technology system was considered vulnerable to attacks. But after a series of new practices and changes, the town is on its way to becoming secure.
The offsite and off-network storage for the police department was stored at John Pettibone Community Center under a sprinkler. Several employees’ emails and passwords were found on the dark web. Employees’ computers didn’t automatically lock after being inactive and there weren’t strict password requirements, said David Watson, the town’s new IT director.
The town and police department backup storage are now off site and off network which protects the town if something happens to the internal infrastructure, such as malicious software.
“There’s no two ways about it,” Watson said at a recent Town Council meeting. “There were in the network. They were no way protected.”
He said this is especially important because it protects the towns from the hacking ransoms that have happened across the country where someone blocks access to the network with an encryption key and the information can only be accessed once the money is paid and the key is turned over. If the town were to be hacked now, the information can now be restored the network to what it was before the hack happened and then patch the problem that caused the hack to happen in the first place.
The department also rolled out a program that protects the town computers from bad updates. An automatic lockout was also established if a computer is inactive for 10 minutes, which requires the user to re-enter their password. Watson said this prevents someone from sitting at the employee’s desk and doing something malicious while the employee isn’t there.
Antivirus updates are also pushed out to employees now. Watson said he lost count of the number of town computers that didn’t have antivirus protections at 35 and said there five alone in the police department.
“That’s a significant vulnerability in and of itself,” he said.
Watson also scrubbed more than 200 workstations, which helps the town have a better idea of what’s in use. The computers’ activities are also now logged in a central location to help the staff see maintenance trends and vulnerabilities.
“These logs can be in the thousands for every hour,” he said. “It’s impossible to review them on a one off basis.”
Watson said he’s also working on teaching employees about phishing, which are ways for hackers to trick people into entering their credentials because the sent email is made to look official. He is also do as other things to make the town’s IT more secure.
Mayor Pete Bass said he brought Watson on because he wanted to step up the town’s cyber security and these practices are being added to employee policies.