October is Cybersecurity Awareness Month

Governor's Proclamation

Presidential Proclamation on National Cybersecurity Awareness Month, 2018

During National Cybersecurity Awareness Month, we acknowledge the danger that cyber threats pose to our economy and public infrastructure, and raise awareness about steps we can take to mitigate and prevent future attacks. As these threats have continued to increase year after year, my Administration remains committed to bolstering our Nation’s cyber defenses and strengthening our national security. Learn more at: https://www.cio.gov/2018/09/28/cybersecurity-awareness-month.html

White House Unveils America’s First Cybersecurity Strategy in 15 Years

The National Cyber Strategy identifies decisive priority actions to protect the American people. This strategy makes clear that the Federal Government will never stop defending our interests, and that we will bring every element of American power to bear to protect our people in the digital domain. Read full text here: https://www.whitehouse.gov/wp-content/uploads/2018/09/National-Cyber-Strategy.pdf

Cybersecurity spotlight: The ransomware battle

To prevent a ransomware attack, experts say IT and information security leaders should do the following:

  • Keep clear inventories of all your digital assets and their locations so cybercriminals do not attack a system you are unaware of.
  • Keep all software up to date, including operating systems and applications.
  • Back up all information every day, including information on employee devices, so you can restore encrypted data if attacked.
  • Back up all information to a secure offsite location.
  • Segment your network: Don’t place all data on one file share accessed by everyone in the company.
  • Train staff on cybersecurity practices, emphasizing that they should not open attachments or links from unknown sources.
  • Develop a communication strategy to inform employees if a virus reaches the company network.
  • Before an attack happens, work with your board to determine whether your company will plan to pay a ransom or launch an investigation.
  • Perform a threat analysis in communication with vendors to go over cybersecurity throughout the lifecycle of a particular device or application.
  • Instruct information security teams to perform penetration testing to find any vulnerabilities.

Learn about Critical Security Controls here: https://www.cisecurity.org/controls/

       msisac         stopthinkconnect