Recently, Government Tech published an article titled “Justice Hacked: When Cyber Criminals Come for the Courts”. The article was a recap of the National Center for State Courts (NCSC) eCourts conference in Las Vegas where court administrators and Chief Information Officers (CIO’s) from Alaska, Georgia, and Texas shared their stories about the cyber incidents that affected them in 2019, 2020, and 2021. All three courts discussed how the attacks happened and the lessons learned. Here are 3 takeaways from that presentation and how the tools in YouthCenter can help to protect your data.
1. Use Strong Passwords
In Alaska, 86% of the passwords were hacked in less than 4 hours. There were a lot of repetitive passwords like “Alaska123”. Strong passwords are the first line of defense making it difficult for hackers to guess or brute force their way into a system gaining access to unauthorized information. Weak passwords can be cracked almost instantly, while complex passwords may take years to crack.
YouthCenter password complexity
Every YouthCenter site has the ability to enforce password lengths and complexity. Administrators can access the Security settings by going to Administration > Site Settings in the main menu.
Under the Security section, Administrators can set the Password minimum and maximum length, along with setting the complexity required by users.
While not a HIPAA requirement, it is a CJIS requirement, setting password expiration timeframes. CJIS recommends passwords expire within a maximum of 90 days. Both CJIS and HIPPA suggest a minimum password length of 8 characters.
Lock the door
Along with the password requirement settings YouthCenter offers, to keep in line with both HIPAA and CJIS security requirements, YouthCenter also has lockout thresholds in the security section for administrators.
CJIS security requirements include locking a user out after 5 unsuccessful attempts to log in. Administrators can specify how long the user is locked out. Both CJIS and HIPAA suggest an “Idle Log off time” of 30 minutes - IE if a user is inactive for 30 minutes, they will be auto-logged off. While at times this may annoy everyday users, it does help to harden the security of the system and deter any unauthorized access to data.
2. Use Cloud Solutions
After their 2019 cyber attack, Georgia courts used the opportunity to modernize and rebuild in the cloud rather than restoring legacy systems. There are many benefits to utilizing the cloud including:
Expertise: Many cloud SaaS security providers have a team of security experts who are constantly updating and improving their systems to stay ahead of potential threats.
Scalability: Cloud SaaS solutions like YouthCenter can be easily scaled up or down to meet changing security needs.
Reliability: Cloud SaaS solutions are typically highly reliable and include built-in redundancy and backup systems to ensure that your data is available when you need it.
Enhanced Security: Many cloud solutions come with automatic firewalls and Web Application Gateways that help with detecting and handling potential threats.
Since 2019, the YouthCenter SaaS has been hosted within the Microsoft Azure Government Cloud giving an added level of security and scalability for your case management. For reliability, full backups are taken daily with differential backups taken every 15 minutes. All backups are encrypted for added protection and stored for 60 days. Restoration plans are in place in case of any mass outage.
3. Train your team
According to the former CIO for the Georgia Administrative Office of the Courts, the question isn’t if or even when organizations will be hit by a cyber attack, but how bad the damage will be, which makes planning for resilience essential. If you’re using YouthCenter, you’re already taking advantage of the benefits of using a Cloud Solution. By using the password and lockout features, you’re adding to the security of your data.
Here at YouthCenter, the team is continuously trained on cybersecurity by Wizer Security Awareness which includes training modules and mock phishing campaigns to raise our team’s awareness and keep us up to date with the latest security information. Keeping your team trained is a simple and cost-effective way to provide some level of insurance in keeping your data secured and may help reduce cyber insurance costs. Security training is the ounce of prevention that’s worth way more than a pound of cure when it comes to your data protection.
This session at the eCourts conference highlighted the importance of strong passwords, cloud solutions, and training in protecting against cyber attacks. By implementing these measures, organizations can better safeguard their data and prevent unauthorized access. YouthCenter offers tools and features to help organizations meet password and security requirements, as well as being hosted within the Microsoft Azure Government Cloud for added security and reliability. It is essential for organizations to be proactive in their cybersecurity efforts and stay informed about the latest threats and best practices in order to minimize the impact of potential cyber-attacks.