This article is posted with permission from Sophicity’s CitySmart blog and shares non-technical, municipal-relevant insights about critical technology issues, focusing on how technology reduces costs, helps better serve citizens, and lessens cybersecurity risks. Sophicity is solely responsible for the article’s content.
Free software. It sounds like a great bargain. However, a recent incident shows the dangers of freeware. Back in September, CCleaner (a common free software tool) experienced a major security flaw. When CCleaner pushed out a software update for its customers, the software update contained malicious code that could be used by hackers to control a person’s computer.
At first, this seems like a problem that any city—even if they work with IT professionals—could not have avoided. After all, a legitimate company pushed out the update. What can you do about such a situation?
Actually, there are quite a few lessons to learn from this situation—although the lessons are subtle compared to the warnings we would typically give about avoiding viruses or malware. Yet, the security issues and liability from using freeware may be just as serious.
1. If IT professionals aren’t monitoring, patching, and updating your software, then how will you know there is a problem?
If non-technical city staff use freeware like CCleaner, then how will they know a security issue exists? If they are not keeping up with professional technology security news about software vulnerabilities, then they may not know about this issue for a long time. However, IT professionals will know about such issues within minutes or hours because they get the alerts and understand the implications.
2. If you do know about an issue, then...now what?
Okay, let’s say non-technical city staff find out about a problem with a software update. Now what? What will they do to make sure that hackers will not exploit this security vulnerability, control your city employees’ computers, and steal confidential or sensitive information?
Part of addressing such an issue means having an underlying understanding of the issue as a foundation and then the experience, processes, and tools to both quickly resolve and mitigate the risk moving forward.
3. What problems are you hiding by using freeware?
Do you realize the risk to the systems, records, data, finances, and citizens’ identifiable information that your city manages when you rely upon non-technical employees to perform computer maintenance? This is a great risk in today’s world.
Consider additional freeware tools other than CCleaner that your city may be relying upon for:
- Antivirus: Leaving employees in charge of their own antivirus software is a big risk, as employees may not keep antivirus definitions up to date.
- Data Backup: You cannot guarantee that backups are occurring without IT professionals monitoring and testing them.
- Email: To lessen liability, your city needs an enterprise email system with its own domain name (such as email@example.com) instead of using a free service.
- File Sharing: What processes are in place to ensure compliance? In other words, are only authorized users sharing authorized information over a secure transmission of data?
4. Is your freeware meeting policy and compliance standards?
Overall, enterprise software that is maintained by IT professionals helps ensure that you are following city policies and meeting compliance standards. Otherwise, your seemingly innocent use of freeware may break the law in multiple ways or increase your liability because of:
- Risk of permanent data loss
- Exposing confidential and sensitive information to unauthorized users
- Installing viruses and malware onto your computer
- Risk of untracked data changes or (even worse) fraud
With freeware, you’re increasing the likelihood of a data breach, compliance violation, virus, ransomware, malware, or data loss. Cities serve an important role—no matter how big or small the city—by safeguarding and protecting sensitive, confidential information. Don’t let a “bargain” like freeware compromise your stewardship of citizen information.