City Assessing Website After False Alarm
A cyber scare sends the city of Tulsa scrambling to protect its website and many of you, but it was a false alarm. Now the city is out of $20,000, and its chief information officer is now on the hot seat.
An information technology expert who makes sure servers are secure says mistakes happen. "This is nothing new," explained Tim Jackson with Jackson Technical in downtown Tulsa. Jackson says it usually starts like this, someone notices an unusual spike on their website and determines it's trouble. However, he says they usually ask for it, paying for people like him to consult them on security measures. The city of Tulsa says it actually hired a Utah-based firm to conduct unannounced tests to find weaknesses. "However, I think because this was something that was new to us we responded in a defensive manner I guess you could say," Tulsa City Manager Jim Twombly told Tulsa's Channel 8. He says the firm changed it's way of conducting those tests, so they didn't pick up on the tests right away.
The city's website was offline for a couple of weeks and some parts of it, still aren't working. It also spent $20,000 notifying people who had filed police reports or applied for a job online in the last decade that their personal information was out there. Twombly says it was never in jeopardy, but he says the scare has been very educational. "We have some weaknesses obviously. We're addressing those and getting some assistance in that effort," he explained.
Jackson says there's a lesson in it for you too.
His advice is to only provide the minimum information that's required to conduct your e-commerce business. He says he often recommends using a special credit card that has a low limit just for use for online purchases as well. Jackson says if there is a breach it's easier to find the problem if you take those measures.
The city is reviewing and improving it's IT department will take months. In the meantime, the department's director has been placed on paid administrative leave for an unspecified time.