CTR Announcements

Do you have a Strong Security Culture?

According to the SANS Institute, a leader in cybersecurity training, it is important for organizations to have a “Strong Culture of Security.” A Security Culture would be your workforce’s shared attitudes, perceptions and beliefs towards cybersecurity. For state agencies, security of data and systems are an integral part of your agency operations and internal controls.

Below are a few action steps to foster a positive Security Culture:

• Leadership sets a strong “Tone from the Top” that supports security of data and systems
• Leadership supports ongoing annual and other micro security awareness and fraud trainings
• Data and system security is a business and operational issue for all employees across the agency, not just an IT issue
• Staff are trained how to spot suspicious communications and where to report
• Staff feel safe reporting suspected fraud or unexpected emails, calls, texts

See our CTR Cyber page for more cybersecurity internal controls to keep you safe at work and at home.

State agencies should contact [email protected] with any incidents or suspected incidents of fraud or cyber threats or if you need support from our Statewide Risk Management Team.