Recently, a Florida water treatment plant was hacked. The hacker tried to increase the water supply’s sodium hydroxide levels to poison the water supply and any Oldsmar citizens who drank or used the water.
The hacker was able to gain access to a password-protected control panel. How? The water treatment plant used TeamViewer, a remote control software.
What is TeamViewer?
TeamViewer is a widely used software program that allows users to connect to other computers and use them remotely. TeamViewer has more than half a million worldwide users and allows the user to fully control the target computer and use it as if they were the one sitting directly in front of the screen—an extremely dangerous formula when in the wrong hands.
Officials with the Germany-based TeamViewer said there was no indication of suspicious activity leading up to or after the hack. Instead, it was the system’s operator who noticed the intrusion after the hacker adjusted the sodium hydroxide levels to more than 100 times the normal levels. The operator was able to adjust the levels back to normal and stop any significant adverse impacts to the city’s water supply.
This incident highlights the vulnerabilities of critical infrastructure systems, largely due to the fact that they are online and use remote access programs—often with lackluster security measures.
The Problem with TeamViewer
TeamViewer, which is extremely user friendly, may sound like a convenient solution for business leaders. But the security risks are worrisome because of the high levels of access people can obtain even if they are off site.
Instead, to keep company data safe and secure but still allow remote access when it’s needed (we are living in a WFH world, after all), experts recommend setting up a secure VPN to your organization’s internal network. Then, a secure login should be required with multi-step authentication, and then another secure login inside the network that controls the sensitive infrastructure.
The Florida water treatment plant’s TeamViewer software had also not been used in six months but remained on the system. This further proves the importance of working with a managed services provider who can stay on top of all software your organization uses, pinpoint dormant software no longer in use, and get it removed from your network ASAP. Dormant software is a sitting duck when it comes to hackers.
Remote access is not the problem here. Remote access, especially in the wake of the COVID-19 pandemic, is a critical tool. The problem is when remote access lands in the wrong hands due to a lack of security and neglecting to properly update and monitor software.
Cybersecurity in Florida
The good news is that you can ensure your company data and software is always up-to-date and secure by calling on expert help from a managed services provider.
The professional team at ITS Group helps businesses find the weaknesses in their current systems and then strengthen them. Our team understands the importance of reliable technology, and we work around the clock to ensure our clients’ IT systems are working smoothly and staying secure.
When you partner with us for cybersecurity in Florida, we will first evaluate your organizational objectives and technology needs to identify dependable solutions that address your current and future requirements. Contact us today, and let’s get started.