Local Cybersecurity Expert Aghast, But Not Surprised by Unsecure Ocean County New Jersey Government WebsiteNo comment
IT and data governance matters, and Ocean County New Jersey residents deserve better as county officials are failing to fulfill their legal and ethical responsibility to protect their citizens. As an Ocean County taxpayer and IT expert, I was aghast, but not at all surprised after a recent visit to the official county website where I saw that the site was not secured in the most basic, industry-standard way with an SSL certificate. The relatively large, dated website based on old technology also disconcertingly houses microsites such as the Office of Emergency Management and unfortunately, the Ocean County Information Technology Department. The IT department claims to maintain over 225 servers throughout the County, provides connectivity to all County of Ocean agencies and among other critical functions, maintains the county’s e-mail and provides “state of the art training” for IT practices in Ocean County.
Before you click away, I promise to keep this SSL thing as “plain-English” and non-technical as possible.
In laymen’s terms, SSL is the standard for establishing an encrypted connection between a web server and a user’s personal computer. SSL ensures that all data passed between the server and the user is private.
SSL gives website owners a way of protecting their sites by providing a means to ensure that users are sending information to the right web server and not to an imposter site that can view or steal information. It also ensures that information sent across the Internet is encrypted so that only the intended recipient can access it. This very elementary type of security measure, embarrassingly missing from the Ocean County Government site is imperative, especially for official websites as citizens are increasingly being directed to them to consume important and timely information such as where to go in the event of a catastrophe or how to report a crime.
Make no mistake about it, the lack of SSL on the Ocean County website is careless and amateurish, akin leaving your car running with the door open in a high crime neighborhood – but worse, because the consequences of the official government site being hijacked would be far worse than a stolen auto.
With New Jersey schools, businesses, hospitals, and municipalities being hacked at alarming rates and putting the public’s safety at risk, New Jersey taxpayers deserve better. Nearly 1000 US Government agencies were affected by ransomware attacks in 2019. In 2017, hackers disabled Newark’s computers and were reportedly paid a ransom by the city. Another NJ municipality was swindled out of $40,000 when they received a fraudulent email which urged them to transfer bond anticipation note payments to a fraudulent account. At least 36 NJ municipalities have been the victims of cybersecurity attacks in the past couple of years. Where is the heightened awareness about the issue of cybersecurity in Ocean County? These staggering numbers show how prevalent ransomware and other cyber crimes have become. Ocean County owes the public some answers.
The author is a certified information privacy technologist and information technology expert. He owns a home in Ocean County, NJ and is a member of the cybersecurity firm, Partners in Regulatory Compliance.