Cybersecurity Needs Both Awareness and Action
Protecting state data and systems is the responsibility of every person in a department. Annual and ongoing cybersecurity awareness training is one important control. However, departments need to take action to ensure that training content and controls are actively being used by staff.
ACTION STEPS:
- Develop written controls for every staff member specific for the type of data and systems they will use
- Confirm with some form of monitoring that these controls are actively integrated into daily operations
- Ensure staff have an easy way to report concerns or suspicious activity
Always report any suspicious activity to your security staff immediately. See our CTR Cyber page for more cybersecurity internal controls and tips that you can share with your staff.
Contact [email protected] with any incidents or suspected incidents of fraud or cyber threats or if you need support from our Statewide Risk Management Team.