Cybersecurity for the PSAP

DHS list of best practices for first responders and emergency system operators to follow to avoid vulnerabilities

Bracing for an increase in attacks, DHS has offered a list of best practices for first responders and emergency system operators to follow to avoid vulnerabilities.

• Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.

• Maintain up-to-date anti-virus software, and keep operating systems and software up-to-date with the latest patches.

• Be cautious about all emails received, including those purported to be from “trusted entities,” and be careful when opening links within those messages.

• Do not input personal information or login credentials in pop-up windows or links within an email, and do not open attachments or click on links in unsolicited emails — access the links by navigating to the organization’s website directly.

• Look for uniform resource locaters that do not match a legitimate site, but appear to be associated with the site through small spelling variations or different domain names (.com vice .net).

• Be wary of downloading files from unknown senders. Malicious code can be embedded in commonly emailed files, such as .doc, .pdf, .exe, and .zip; and be particularly cautious of double file extensions (evil.pdf.exe).

• Only download software from trusted sites, and enable the feature to scan email attachments before downloading and saving them to a system or network.

Resources

• Information Technology Disaster Resource Center

• Team Rubicon

• Colorado Information Analysis Center (CIAC)

• Cybersecurity and Infrastructure Security Administration (CISA)

• Internet Crime Complaint Center (IC3)