
Halifax looks to secure itself against hackers

Protection against social-style attacks is particularly important, say municipality and experts

It should take around one month to test Halifax’s computer security, according to the tender.   Trent Erickson

Everyone is a possible target when it comes to hacking, including municipalities like Halifax.

To protect itself, the Halifax Regional Municipality hires a firm every two years to find vulnerabilities in its computer systems.

“This is definitely worthwhile,” said Phillip Evans, HRM’s manager of technology and infrastructure. “It takes an independent set of eyes to look at our systems and make sure we’ve got all the security measures in place.”

All of HRM’s departments share a centralized computer system, so security assessments affect all departments and employees.

However, not all areas receive the same level of scrutiny, as the police department will be more closely analyzed than others. Their system has to meet high requirements to be allowed access to Canada’s national police database.

In the tender document, released Feb. 5, the HRM asks firms to not only look at hardware and software vulnerabilities, but at vulnerabilities to social-style attacks like phishing and ransomware.

“Phishing is probably the No. 1 thing that keeps people like me up at night,” said Jim Kirk, director of the NSCC information technology program.

A phishing attack happens when an employee unknowingly gives information like usernames and passwords to a hacker, which the hacker then uses to infiltrate a computer system.

Kirk said “awareness is the first step” to combat social-style attacks. If employees know not to give their information out or follow links from an unfamiliar email address, there won’t be as many social-style attacks.

Evans also agrees education is important. He said HRM employees have received security awareness training and will continue to do so. 

Personally, Evans is more concerned about another sort of social-style attack: ransomware. Ransomware encrypts data and holds it hostage until the target organization pays the hackers responsible.

Evans said the HRM already uses many strategies to protect their computers from attack — none of which he could give details about.

The last time the HRM asked for a firm to test its cyber security it received quotes ranging from $40,000 to $150,000.

The tender for the 2018 assessment closes on Feb. 27.