4 Ways to Improve Cybersecurity for Labs of All Sizes

The AWWA says cyberattacks now pose the greatest threat for U.S. businesses and infrastructure, and the water industry is among cybercriminals' targets. With a robust and resilient security program, water and wastewater systems can prevent service disruptions, safeguard public health and safety, and protect the personal and financial information of customers.

Here are four ways to keep hackers from wreaking havoc on your water lab.

1. Implement Cybersecurity Best Practices

Every lab faces different risks and challenges depending on size, but all can stand to improve their security through precautionary steps.

If you operate a larger lab, you may feel it's hard to defend against hackers — especially if your infrastructure includes geographically dispersed systems run by hundreds of employees. Here, even a single point of vulnerability could be harmful.

Consider adopting some of the security measures highlighted by the Water Information Sharing and Analysis Center. These recommendations, while targeted for utility companies, also apply to testing labs. Some of the highlights include:

• Ensuring safe remote access for system users through a virtual private network (VPN).
• Identifying vulnerabilities and making security changes, either through software updates or new virus protection.
• Making sure employees are updating passwords routinely, and that they're complex and unique.

If you run a smaller lab, you may feel like you don't have the time, knowledge, budget, or staff to properly address cybersecurity. But you don't have to spring for a heavy-duty IT team to stay safe: The Federal Communications Commission provides resources to help small business create cybersecurity plans, including 10 tips that every company should follow.

First on the list is training employees. Cybersecurity awareness should go beyond just explaining to your staff what the common hacking schemes are. Consider following up with tests, such as sending a fake phishing email to your staff to see who clicks on it. Use these instances as teachable moments, because even a trained eye can still open a dangerous email.

And while you're at it, it doesn't hurt to share some internet best practices with your staff, such as which sites to avoid and why sharing a password over email is never a good idea.

2. Recognize Schemes

According to research from Willis Towers Watson, two-thirds of cyberattacks are caused by employee error or deliberate malicious behavior. But the more training your employees receive on routinely used schemes, the less likely hackers will be able to infiltrate your water lab.

The first one your lab should be familiar with is spear-phishing. This occurs when an attacker sends fraudulent emails that appear to be from a trusted sender with the intent of getting the recipients to reveal confidential information.

Another tactic is watering hole domain attacks, which occur when hackers discover which websites you normally use and infect one or more of them with malware. Then, they're able to collect information and credentials from your database.

Through credential gathering, hackers are able to gain access to systems — including, possibly, your lab's laboratory information management system (LIMS) — and either alter or steal information from them. Increasing employee awareness about these schemes can help ensure one wrong click doesn't compromise your lab.

3. Protect Your LIMS

Water labs must maintain strict standards for cybersafety in order to protect customers, whether they're large municipalities or private individuals. This is particularly relevant for your LIMS, as any system connected to the internet can be the target of an attack.

Every LIMS — at the least — should include security features that protect the system and its data. Ensure that yours provides automatic backups at frequent intervals and that all new files are scanned for viruses, with alerts set up for potential security threats.

When transferring data, check that it's encrypted so that anyone trying to illegally access it cannot easily decode it. Additionally, role-based configuration makes sure only individuals with privileges can access programs and data, which can alleviate errors, avoid data loss, and prevent tampering.

Talk with your LIMS provider about other safety features your system offers that can help protect your business and customers.

4. Underscore What's at Stake

Your lab's mission is to ensure water is safe for your customers. And, in turn, customers need to feel confident in the results you deliver and the information you maintain. That means whether you're a large lab serving customers nationwide or a small lab with just one employee, cybersecurity must be taken seriously.

If it's not, you can face consequences in the form of malicious emails and corrupted websites, stolen customer data and financial information, the installation of ransomware or malware, or compromised test results. It's water labs' duty to preserve public health, and hackers have the ability to compromise that, too.

But with a cyber plan in place, the Environmental Protection Agency says water labs can:

• Give customers the accurate, quality information they're seeking.
• Ensure that confidential data from customers and testing stays safe.
• Earn customer loyalty and boost brand reputation by putting privacy first.

No matter what size your lab is, make sure your staff knows what's at risk when cybersafety is compromised. And emphasize that when everyone makes the effort, the sensitive information of your business, customers, and employees has the best chance of staying safe.