Recently, the Miami-Dade police were hacked. While the primary concern in that incident is the release of personal information, including the home addresses of officers and judges, the attack draws the importance of data security to the forefront. More and more police information is going digital. Security and encryption has to be a priority for departments.
There are definite advantages to digital evidence services like iRecord, including chain of evidence tracking and searchability. But we also offer robust protection for that information, with very good reason. For one thing, law enforcement agencies are already feeling a top-down push to tighten security. One example is the CJIS Compliance issue we’ve discussed in the past. Local law enforcement will increasingly be expected to maintain a minimum standard of protection in order to network with federal agencies.
One factor to nail down is controlled access. Not everyone in your agency needs to get to all of your secure information, so consider separating things like evidence and employee records from each other.
ThenNext, think of access not in terms of individuals, but in terms of groups. All the necessary parties should be able to access the basics. Then, limit access to more sensitive information to smaller group of officials. You can also limit physical access by controlling which computers can be used to view sensitive information, then putting them in restricted access rooms. These steps will ensure that one data breach can’t compromise security across the entire agency.
Training is a vital part of developing good security. Law enforcement officials need to apply the lessons they’ve learned about cyber crime to the workplace. Make sure everyone understands how to create strong passwords and keep them private. No slips of paper with passwords on them left lying around.
No password sharing, either. Activity logs only work if it’s clear who’s actually logging on. Education can also prevent “social engineering” attempts, like phishing. Training should be accompanied by a clear written policy about data usage and security.
If the worst occurs and you do experience a data breach, what will you do next? You should have a response plan, just as you would for any other critical incident that could affect your agency or the community it serves. Considerations include communications, staffing, and duty to inform other law enforcement agencies.
As you can see, there are many things to do on your end to protect your sensitive data. It’s equally important to choose a trusted partner to take care of your hardware and software needs. iRecord employs the latest security techniques to keep your valuable evidence protected from cyberattacks. Make sure you have the right people running your servers, people you can trust to keep them updated and secure.