October marks the 20th anniversary of Cybersecurity Awareness Month, a global initiative to strengthen our digital defenses and a time to recommit ourselves to safeguarding our swiftly evolving digital landscape. As the Department of FISCal’s (FI$Cal) chief information security officer, I am excited to share with you some cybersecurity tips from our Enterprise Security Services Office (ESSO).
Although I am pleased to say we were recognized as one of the top state entities in the most recent Information Security Assessment, it is important that we continue to stay security-aware and diligent. Threats come in many forms. In particular, phishing, which involves targeting individuals and convincing them to take an action that reveals sensitive information or downloads malicious software, is the most common method employed by hackers. In 2019, the FBI estimates more than $1.75 billion was lost to business email scams. A successful phish can lead to password harvesting. If you need some tips on passwords, the National Institute of Standards and Technology (NIST) Cybersecurity Framework has some guidelines that might help you build a better password.
Don’t forget to secure your mobile devices. Think before you download a new app on your mobile device; most apps collect data from your phone, and that data might include personal information such as your name and credit card number. Connecting to public Wi-Fi networks that do not require a password is another mobile device risk. Cyber criminals create fake Wi-Fi hot spots to trick users into connecting to them and then steal their data. These are just a few examples of possible cyber threats; the National Security Agency provides a best practices guide for securing mobile devices.
Here are just a few more things you can do to keep safe:
- Software updates: Consistent updates are the first line of defense against emerging threats. Promptly install patches and updates to ensure potential vulnerabilities are swiftly addressed.
- Multifactor Authentication (MFA): MFA adds another layer of security by requiring multiple forms of authentication, even if passwords are compromised. MFA is considered one of the strongest methods of authentication.
- Strong passwords: Always use a combination of upper and lowercase letters, numbers and special characters. Avoid easily guessable information such as names or birthdates.
- Reporting phishing attacks: Staying vigilant against phishing attacks is essential. If you receive suspicious emails or messages, do not engage with them; report them according to departmental policy.
As we work toward becoming the accounting book of record for the state of California, I am proud information security is part of this journey. Cybersecurity is a critical component of Assembly Bill 156, which aligns with the governor’s Cal-Secure Roadmap and the National Institute of Standards and Technology (NIST). The Cal-Secure Roadmap outlines a leading-edge path for information, privacy and cybersecurity for the state government security community. The NIST Cybersecurity Framework sets the framework for state Information Security Policies. As a result of the hard work and contributions from everyone in the department pursuing cybersecurity initiatives, we are well-positioned to meet these goals that will continue to enhance and mature FI$Cal’s cybersecurity capabilities.
Information security is a shared responsibility, and ESSO is committed to working with everyone to safeguard our information assets. Think of this October as an opportunity to remind ourselves of the importance of security best practices.