Cybersecurity for Small Systems

Cybersecurity threats can happen with a single click—and the consequences can be costly. Whether it’s a phishing email, ransomware attack, or accidental data loss, even small mistakes can put your systems and operations at risk. Taking simple, proactive steps can go a long way in protecting your organization.

Treat every unexpected email or text with caution. Don’t click links or open attachments you weren’t expecting. When in doubt, call the sender or navigate to the official website. Train all staff in cybersecurity awareness so they know what to watch for.

Keep computers and software up to date, use antivirus and anti-malware software, set up a firewall, and enable multi-factor authentication (MFA) wherever possible so that a stolen password alone can’t grant access. Use strong, unique passwords for each account that are 16+ characters long. Do not share passwords and change them regularly.

Watch for red flags like typos, odd “from” addresses, and messages that pressure you to act fast. Back up important files regularly, either to the cloud, an external drive, or backup software. If ransomware, malware, equipment failure, or accidental deletion occurs, backups may allow restoration of files without having to start over.

Keep personal browsing separate from business by using different devices. Lock down your operational technology (OT), such as a SCADA (Supervisory Control and Data Acquisition) system for a water or wastewater system. Turn off any unnecessary internet connections, and if remote access is required, place OT behind properly configured firewall(s) with only essential ports open. Use MFA for remote sessions and ensure logging is enabled.

Free resources are available through MAP, Inc. staff and are also located on the Cybersecurity & Infrastructure Security Agency (CISA) website at cisa.gov/water, including checklists, alerts, and no-cost external vulnerability scans for small drinking water and wastewater systems.