AMBER ALERT

An amber alert has been issued. Click here to visit the Amber Alert site.

IN.gov MESSAGE

Header

Agency Links
IN.gov Links

Main Content

Welcome to the Indiana Cyber Hub Blog

The Indiana Cyber Hub Blog is your all-new, online resource featuring helpful advice and guidance from the Hoosier State's Cybersecurity Program Director, along with the perspectives of a wide range of cyber industry experts. 

TODAY is World Password Day!

MANAGING YOUR PASSWORDS - IT'S EASIER THAN YOU MIGHT THINK

May 5, 2021 

By Chetrice Mosley-Romero 

A recent article on SecurityMagazine.com reported that a Dell Technologies Brain on Tech study found when people were tasked with logging onto a a computer (or, presumably, any mobile device) with a long and difficult password, their stress not only increased by 31 percent within (just) five seconds, but it continued to rise even after successfully logging in. 

Sounds familiar, right? We've all been there. After all, the average internet user in the U.S. has around 70-80 different passwords. And while each one is supposed to be unique; you might be surprised to know that the most popular password in 2019 was 12345, followed by 123456. 

Of course, with more people than ever before working from home and attending school remotely, the necessity of adding strength and a greater measure of complexity to the passwords we create -- for everything from our social media and email accounts to our bank accounts, medical records, and any other sensitive data we want to keep secure -- is, to put it mildly, changing rapidly. 

At the same time, you'll be encouraged to know there are a lot more "easier-than-you-think" tips, solutions, and resources available to help you make sense of it all. To get started, there's two things to keep in mind -- you'll want to make passwords that are hard to guess, but easy to remember. And the longer the password, the better -- use at least 16 characters whenever possible. 

To make your digital life easier, here's some other key tips to follow, including: 

  • Never reveal your passwords to others.
  • Be sure to use different passwords for different accounts.
  • Use multi-factor authentication (MFA). It helps add a layer of protection and learn more on using it for some of the most popular websites. 
  • Consider using a password manager

For additional information on keeping your personal information secure, visit the Indiana Cybersecurity Hub and check out our cyber tips page

As we celebrate World Password Day, it's a good opportunity to look over the passwords you're using and take some time to do what you can to stay safe whenever you're online (without all of the stress).

NOT ALL SUPERHEROES WEAR SUITS

April 28, 2021 

By Stephen Cox 

Not all superheroes wear suits. 

A hero to you may be someone's neighbor from down the street, or it may be a firefighter or police officer who you see often in your area. In fact, someone you may not even know is working hard for you right now to keep you and your loved ones safe. 

While we know help will come if we call 911, Hoosiers from all works of life continue to work behind the scenes to protect the state from cyberattacks, volunteering their time and expertise to make Indiana stronger. The members of the Indiana Executive Council on Cybersecurity (IECC) have propelled Indiana to be a leader in cybersecurity, and today -- National Superhero Day -- it seems appropriate we recognize the work of these selfless men and women and how it has contributed to our safety every day. 

For the past four years, the IECC has worked to insulate government, businesses, and individuals from cyberattacks by identifying gaps and implementing strategies. And these are not just government employees paid by the state to do the job. The council is comprised of 35 members and more than 250 advisory members who donate their time and energy to support this effort, and in the process protecting you and me. 

Since my appointment as Executive Director of the Indiana Department of Homeland Security, I joined many of the IECC members in immersing myself in not only the threat of cyberattacks, but also the safeguards necessary to prevent them from occuring. This is complex work that has required the members to set time aside -- above and beyond their everyday careers -- to work hard, learn quickly, and produce results related to the Indiana Cybersecurity Strategic Plan. It is an impressive level of commitment that has had an enormous impact on our state. 

With all this progress made, cybersecurity remains a growing threat to the public and private sector. Our efforts as a state will have to grow alongside this threat. The IECC and its diverse makeup is built for this challenge, and Indiana continues to make cybersecurity a priority across the board. The state has some of the smartest minds and top talent working toward a safer future. 

If you were to learn more about the makeup of the IECC, you will see that "behind the masks" are dedicated individuals who are great Hoosiers. I am thankful to have them in our corner.   

A "CYBER" SIGN OF THINGS TO COME

April 21, 2021 

By Chetrice Mosley-Romero

Less than two years ago, a New York Times report included a forecast that predicted, by 2021, there would be 3.5 million unfilled cybersecurity positions globally; a statistic that seems especially profound when you consider that the figure was at just one million positions in 2014. 

In the midst of this incredible demand, it seems fitting that as we celebrate Autism Awareness Month (also referred to/celebrated as Autism Acceptance Month and World Autism Month) that a California-based company announced earlier this month its participation in a program that will help grow its workforce in central Indiana by providing jobs to people with autism and other disabilities. 

Ingram Micro Commerce & Lifestyle Services says the e-Stewards ADVANCE+ program will fill these positions at the company's IT Asset Disposition (ITAD) Processing Center in Plainfield. The facility is dedicated to providing services for companies needing to securely dispose of their IT equipment; a task that is particularly important, given the fact that the process requires employees to ensure that all of the data (including all files, personal identifying information, and other proprietary materials) is completely securely removed from the devices. 

In a recent interview, Ryan Roudebush at Ingram Micro said, "where it's been piloted before, the employees with autism have proven to be very adept working in these types of positions." He added, "In fact, one study showed they are 98 percent productive when they're on the clock and the average employee is closer to about 60 percent." 

Initiatives, such as this, are encouraging, too, as it comes at a time when the cybersecurity industry is continuing in its efforts to become even more diverse and inclusive in its hiring practices. For its part, Ingram Micro is piloting the program out of its Plainfield location, but says if it all goes well, it will look to expand it to the company's other two Indianapolis facilities and, possibly, to other locations across the U.S.

For more information about related cyber career opportunities in Indiana, you can visit the Indiana Cybersecurity Hub and learn more about becoming a cyber professional. By doing so, we can educate, grow, and help to retain an even greater cybersecurity workforce across Indiana. 

PUBLIC SAFETY TELECOMMUNICATORS DELIVER A RESILIENT CYBER DEFENSE FOR ALL HOOSIERS

April 14, 2021 

By Ed Reuter

As if the urgency of a single 911 call isn't important enough in saving someone's life, imagine being the person at the emergency call center, whose responsibility it is to urgently send help, having to contend with the threat of a cyberattack shutting down every call from getting through its system? 

Varying in intensity and sophistication, these types of cyber-related incidents that have impacted local 911 centers is adding to the already intense, around-the-clock work performed by the public safety telecommunicators, whose dedication to their jobs makes life easier for all of us. Amid these challenges, it is my pleasure as the executive director of the Indiana Statewide 911 Board to commend their tireless efforts as part of National Public Safety Telecommunicators Week

All of this comes at a time when the technology we're using to operate our communications systems is advancing ever rapidly. At the same time, cyber criminals are using tactics ranging from ransomware to business email compromise to steal personal data and/or take over control of the system itself. That's critical, especially when it comes to local government and maintaining a solid infrastructure. 

All it takes is one domino to fall and before you know it, the situation can escalate quickly, causing new problems to emerge -- including attacks on our backup systems. That said, there are practical solutions -- that can begin at the workstation of a dispatcher -- to manage these threats and allow a county or local municipality to address their public safety needs every minute of the day, including: 

  • Adopt/implement clearly defined cybersecurity policies that include regular risk assessments
  • Once all the cyber policies/procedures are in place, employees will need regular training to allow them to practice as a way to recognize and stop cyber threats
  • Focus on prevention, encourage collaboration and teamwork, and evolve your rules to fit the ever-changing nature of emerging threats

The State of Indiana also offers county and local government emergency managers a range of cybersecurity resources to help improve a cybersecurity plan, as well as measure its effectiveness in the event of a cyberattack. For more information, visit the Indiana Cyber Hub to learn more about the Indiana Cybersecurity Scorecard or the Emergency Manager Cybersecurity Toolkit

I've often said that our local 911 centers are the heart and soul of our emergency communications systems. Because of that, it's fair to say that every person who serves their community as a public safety telecommunicator possesses within themselves the heartbeat and the pulse to keep the system operating in a way that protects us all. Together with our Chair, State Treasurer Kelly Mitchell and on behalf of our staff and all Hoosiers, we thank our telecommunicators for their dedication and service

To learn more about this important topic, you are welcome to watch the latest episode of the "Days of Our Cyber Lives" podcast from the Indiana Bond Bank. State Treasurer Kelly Mitchell and I are joined in the conversation by Indiana's Cybersecurity Program Director Chetrice Mosley-Romero and Mark Wuellner, executive director of the Indiana Bond Bank. 

Keeping our 911 systems secure is our first priority. To learn more about the Indiana Statewide 911 Board, visit our website or on social media on Twitter or Facebook

THE INDIANA DEPARTMENT OF REVENUE TAKING CYBERSECURITY TO THE NEXT LEVEL

April 7, 2021

By Bob Grennes

It's April and the individual income tax season is in full swing. As you would guess, it's one of the busiest times of the year for the Indiana Departnent of Revenue (DOR). During this season, DOR processes approximately 3.5 million tax returns and issues around 2.2 million refunds equaling more than $800 million. You've probably never thought about the volume that comes through DOR's processing systems, and while 3.5 million returns is no small feat, it's just the tip of the iceberg. 

Indiana's tax world touches millions of individuals, businesses, corporations and organizations processing over $20 billion and administering 65 tax types. This makes cyber and data security along with ID protection and refund fraud prevention paramount to everything we do. 

DOR's cybersecurity team was launched in 2013 and is led by DOR's Chief Information Officer and Chief Information Security Officer. Not only does DOR comply with all IRS requirements, but we have adopted the technical security that the U.S. Department of Defense uses taking our security to the next level. All of DOR's 700+ employees take extensive security training every year, which includes a large amount of cybersecurity information. Additionally, all vendors and partners connecting with DOR systems or receiving DOR data must comply with our comprehensive security requirements. 

Not only is keeping data safe part of our overall mission for the agency, To serve Indiana by administering tax laws in a fair, secure, and efficient manner, but it's also at the heart of everything we do. 

Our extensive ID protection and fraud prevention program that keeps bad actors from stealing hardworking Hoosiers' identities or tax refunds is full of cybersecurity measures. DOR's program utilizes big data, sophisticated system business rules and forensic analytics to identify and stop identity theft and fraudulent tax refund activity. This team meets daily during individual income tax season to update systems to adapt to new fraud schemes and is an active participant in the IRS's Information and Sharing Analysis Center (ISAC) -- an IRS, private industry and state revenue agency partnership in preventing ID theft and refund fraud. This partnership allows for a more robust set of data to help catch fraud before entering our processing system. 

In its eighth year of operation, DOR's fraud program has stopped $180 million of tax refund fraud and prevented nearly 95,000 Hoosier identities from being stolen. Last year alone, $28 million in fraud was prevented.

To learn more about DOR's fraud program, be sure to visit our website at: www.in.gov/dor/fraud-prevention/indiana-eliminating-tax-fraud-attempts/

 

 

CELEBRATE WORLD BACKUP DAY! 

Keeping Your Data Secure Provides Protection for You - At Home, Work & School, Laptops, Phones & More

March 31, 2021 

By Chetrice Mosley-Romero 

When it comes to making films, Hollywood loves a great prequel.

Whether it's on TV (think "Young Sheldon") or the movies (Star Wars trilogy), there always seems to be something that we discover in a prequel that we didn't expect, simply by going back in time. 

Fast forward to today, March 31, 2021, It's World Backup Day -- an opportunity that reminds us all that it's important to back up our files regularly -- at work, at home, or at school, including our laptops, desktops, phones, and other mobile devices. 

And while it's true backing up your data is a simple, three-step process, we can all agree that there are two aspects of our daily life -- backing up our data and working from home -- that's a part of the film we've all starred in since the beginning of the Pandemic. 

That's where the prequel comes in. 

Did you know? In 1998, almost a year before the release of "Toy Story 2", an animator, who was intending to do some routine file cleanup, instead, entered a command to the drives where Pixar stored the film's files - deleting 90 percent of the film. True story.

How did they save the film? A supervising technical director, who had been working from home, remembered she had a backup version of the film stored securely on the computer she had been using while working remotely. Sound familiar? Thanks to her protected files, the entire film was restored. 

While it's true that technology continues to advance at a rapid pace, there are a great deal of resources out there to help you organize your files and put it all together in a way that's practical and easy to manage. 

There's even a guide from the U.S. Computer Emergency Readiness Team (US-CERT) you can download that features a wide range of backup options. Think of it as a playbook that you can rely on that doesn't read like stereo instructions. 

As always, be sure to visit our Indiana Cybersecurity Hub for the latest cyber tips, resources, and news to help all Hoosiers stay safe whenever you're online. 

Celebrating World Backup Day will also provide you with a well-scripted plan that'll help keep cyber criminals out of the picture. 

 

Women's History Month - A Time to Support Women in Cybersecurity

March 24, 2021 

By Lieutenant Governor Suzanne Crouch 

Indiana ratified the 19th Amendment in 1920, making last year the centennial anniversary of this important milestone in our state's and nation's history. Countless Hoosier women and male allies worked tirelessly during this movement to pave a new path for women in the future. 

The celebration doesn't have to end there, as each March is Women's History Month. This annual event highlights the contributions of women in society, which should include the progress women are making in cybersecurity. 

Recently, I spoke with the relatively new group, Government Women in Technology. Comprised mostly of women in state government, this group is supporting their fellow colleagues who work in an industry that has historically been a male-led field. In the past year, this group has grown to more than 100 people who work in information technology, cybersecurity and other computer-related fields. At the same time, this group is lighting a path to encourage the next generation of women to seek a career in technology. These women are reaching out to schools and working with young female students to keep the interest alive in STEM classes. 

This kind of interaction can have a lasting impact on our workforce. 

The same was true for suffragists who worked for change to get women a spot at the polls. As part of the 100th anniversary of the ratification of the 19th Amendment, I chaired the Indiana Women's Suffrage Centennial Commission, an effort catalyzed by Indiana Humanities. 

This partnership between a statewide network of women's and history organizations was such an eye-opening experience. We worked to ensure the important pieces of history are not and will not be forgotten, because the suffrage movement demonstrated that ordinary people, when working together, can make an extraordinary impact. The Commission developed and supported programming aimed at unearthing untold or lesser-known stories, as well as those that both educate and preserve the individual and collective legacies of women whose efforts were instrumental in the movement. 

Some highlights from 2020 include: 

  • Jan. 16 Statehouse Celebration - Hundreds of people, from General Assembly members and suffrage commissioners to Girl Scouts, League of Women Voters members and ordinary citizens, gathered to recognize Indiana's ratification of the 19th Amendment. 
  • Preserving Women's Legacy Grants - One-time grants allowed Indiana Main Street organizations in Angola, Michigan City and Peru to discover, preserve and tell stories about the contributions women have made in their communities. 
  • Suffrage Block Party - In August, the Indiana Historical Society, Indiana State Museum and others hosted a weeklong, virtual celebration featuring talks, and workshops highlighting the work of suffrage scholars, thinkers and artists around Indiana. 
  • New Artworks Unveiled at the Statehouse - Two original works of art, a quilt titled "Together" by Indianapolis artist Kassie Woodworth and a painting titled "niNeteenth" by Decatur artist Shelby Nower, were unveiled as part of the state's permanent public art collections. 
  • New Discoveries - Thanks in part to the Indiana Humanities' May Wright Sewell Fellowships, we learned more about how Indiana women shaped suffrage and politics, includng the lives and work of Black Hoosier suffragists and Monroe County and South Bend-area suffragists, and the participation of Black Hoosier women in the 1920 elections immediately following the ratification of the 19th Amendment. 

I encourage all Hoosiers to learn more about these activities and more at: IndianaSuffrage100.org

During Women's History Month, let's not only remember those who committed themselves before us, but let's also continue to come together to equip future generations. And, remember, too, the legacy of women leading the way in Indiana is not a new phenomenon, rather it is a part of the fabric of who Hoosiers are. 

#WomensHistoryMonth

"Days of Our Cyber Lives" Podcast Highlights How Indiana State Government is Using Cybersecurity to Support Local Governments, Keep Hoosiers Connected

March 18, 2021

By Chetrice Mosley-Romero

Got a favorite podcast? We all have one, right? 

Did you know? By one recent estimate, on Apple alone, there are more than 1.75 million podcasts out there, with more than 43 million episodes, as of January. That's a lot of popcorn. 

Of course, if you're interested in a podcast that offers timely, informative, and helpful FREE information for all Hoosiers; shared in a way that's friendly and easy to understand, we invite you to check out "Days of Our Cyber Lives". 

As Indiana's Cybersecurity Program Director, it is my pleasure to participate as a recurring co-host of this podcast series, together with the Indiana Bond Bank and the Office of Indiana State Treasurer Kelly Mitchell. 

Offering expert insights and awareness to everyday issues referring to cybersecurity, we talk with our guests about solutions, resources, and ideas for local governments, with information designed to help keep all Hoosiers safe, secure, and connected. 

Cybersecurity is an important priority in the state of Indiana, and, because of this, we routinely work closely with local governments who, in turn, provide a wide range of essential services involving everything from emergency management and critical infrastructure to protecting people and businesses as it relates to their personal data and financial information. 

Among the guests who've appeared recently on episodes of the podcast includes: 

Simply click on the link to view the episode. 

  • Tracy Barnes - State of Indiana Chief Information Officer - discussing issues impacting local government and proposed cybersecurity initiatives in 2021; 
  • Hemant Jain - State of Indiana Chief Information Officer - relating to the vision and strategies for combating cybersecurity issues;
  • Mitchell Parker - IU Health Chief Information Security Officer - How COVID-19 impacts health systems, identifying IT systems and avoiding COVID-19 cyber scams; 

We invite you to log on tune in to "Days of Our Cyber Lives". For all the latest cyber news, tips, and resources, visit our Indiana Cybersecurity Hub, follow us on Twitter and Facebook, and, if you like what you read, subscribe today to our Indiana Cyber Blog!

Perspectives From The Field Series

The strength of Indiana is that we bring together a variety of perspectives from the plethora of areas that touch the field of cyber, especially through the Indiana Executive Council on Cybersecurity (IECC). Hence the name "Perspectives From the Field Series" in which we invite experts to discuss the real and challenging issues we are facing in the field and the proposed solutions from the experts to better the lives and businesses of all Hoosiers.

In the third installment of our Series, our focus is centered on "Patient Safety Awareness Week." In recognition of this campaign, Valita Fredland offers her thoughts -- as an experienced information privacy and security professional -- about the importance of protecting a patient's personal identifiable information (PII) and preserving the privacy of their medical records, as mandated by federal law. 

Helping Patients with Two-Factor Authentication

March 15, 2021 

By Valita Fredland, JD, MA

Last semester, I was helping my daughter set up a new e-mail account that she could use for her college search process. As an information privacy and security professional, I take such tasks seriously. E-mails are a common way for criminals to steal Personal Identifiable Information (PII) and credentials that can be used to commit other crimes. Therefore, when my daughter and I set up her new e-mail, I selected the two-factor authentication sign-in option. My daughter accused me of being an overzealous privacy professional (true that) and implementing crazy cybersecurity protection that makes it too hard for her to access her account. 

In recogntion of Patient Safety Awareness Week, I thought I'd share the explanation that I gave to my daughter about why using two-factor authentication for ANY account with PII is not crazy. Patient information is some of the most sensitive PII. With advances in technology, patients have growing control over their digital electronic health records; patients can request digital copies of their medical records from their health care providers; they can store their records themselves, and share the records with others. No matter where patient records are stored, the login access should have two-factor authentication. 

Two-factor authentication is a cybersecurity method of verifying that you are who you say you are, so that even if your username and password fall into the hands of criminals, they cannot pretend to be you and login to your accounts. For example, when a patient logs into a patient portal to access a provider's medical records, the patient enters a username and a password to get access, then, as added security, using a second factor, the medical records system would send a temporary code via another method, often via text message, phone call or an e-mail, to the patient which would have to be entered before access to the records are granted. Simple, right? 

Even though it is simple to use two-factor authentication like this, only about 10 percent of users set it up for their accounts. Why, might you ask? Well, I think my daughter's complaint is the most common "it takes too long!". So, we tested it. For most accounts that we tried, this extra authentication factor added no more than 10 seconds when logging in to an account.

While there are certainly nuances among two-factor systems that can cause hiccups and frustrations, they are likely less frustrating than having your data stolen or misused. And usually, this important security method is both simple and easy. 

So, here's to you, and all of us who are patients! To celebrate Patient Safety Awareness Week, companies responsible for the privacy and security of sensitive PII, such as patient information, should make two-factor authentication available for their systems, and patients and other users of accounts with sensitive PII, should turn on two-factor authentication. It's not crazy!

Local Governments Rely on Preparation, Knowledge to Reinforce Cyber Readiness

March 10, 2021 

By Kelly Mitchell 

Prior to serving as Indiana's State Treasurer, I spent seven years as a county commissioner. In most counties, the commissioners serve as the coiunty executive, so I was given a front-row seat to the complex processes of local government. That experience has proven tremendously informative in my current role, as I often work directly with local government units. From the fiscal programs of the Indiana Bond Bank to the broad resources of the Statewide 911 Board, I am in frequent communication with county and city personnel. 

We've heard a lot about cybersecurity the past few years, but much of the conversation has taken place at the state and federal level. What many people don't realize is that local governments are among the most vulnerable to cyberattacks and, until recently, hadn't taken steps to protect themselves. In a 2020 survey of local government IT executives by the Public Technology Institute, 54 percent said their elected officials were only somewhat engaged with cybersecurity efforts, and 23 percent said their elected officials were not engaged at all. Furthermore, two-thirds of IT executives reported their cybersecurity budget was inadequate. 

It may be tempting to assume that this only happens in other places, especially local governments serving large, urban populations, but that isn't the case. Just last year, Lawrence County was hit by an attack that took most county systems offline for days. In 2019, LaPorte County was forced to pay a large ransom after a ransomware attack devastated their systems. Cybercrime can, and does, happen in our own backyard. 

We can work to fight this trend by arming ourselves with two weapons: preparation and knowledge. Thankfully, many counties have seen the trends in cybersecurity and are working diligently to protect themselves. In fact, 82 percent of IT executives reported their local government has a cybersecurity plan or strategy in place. Once a cyberattack has hit, it's too late. 

Knowledge is an important weapon in our fight against cybercrime, Regular training for all government employees is a must. A workplace is only as protected as its vulnerable link. The Indiana Cybersecurity Hub features a wide range of helpful resources that include educational components, best practices, and emergency preparedness. I encourage you to visit the Hub to learn how you can better protect yourself. 

My office partners with the Indiana Bond Bank to host a podcast, Days of Our Cyber Lives, which was created to bring awareness to issues relating to cybersecurity and to provide solutions and ideas for local governments. These episodes are packed with helpful information, and are a lot of fun, too!

The pursuit of cybersecurity is a race without a finish line. It requires constant education, vigilance, and time. Working together, we can continue to move the needle on this issue, and my office will continue to uncover new solutions for local governments.

Perspectives From The Field Series

The strength of Indiana is that we bring together a variety of perspectives from the plethora of areas that touch the field of cyber, especially through the Indiana Executive Council on Cybersecurity (IECC). Hence the name "Perspectives From the Field Series" in which we invite experts to discuss the real and challenging issues we are facing in the field and the proposed solutions from the experts to better the lives and businesses of all Hoosiers.

In the second installment of our Series, we celebrate National Women's History Month, commemorating and encouraging the study, observance, and celebration of the vital role of women in American history, and honoring the many contributons made by women to history, culture, and society.

As part of our celebration, Tasha Phelps provides her real-world perspective as an accomplished entrepreneur. She discusses the disparties facing women and minorities in cyber and IT, while, at the same time, offering a different point of view to consider when bringing about greater opportunities for women in workplace development and significantly account for more of the 31,000 jobs that are expected by 2029.

Exposure Creates Perspective

March 3, 2021

By Tasha Phelps

The journey to entrepreneurship was (and still can be) a difficult challenge. Sometimes the road is smooth; sometimes the road has twists and turns; sometimes the road is an uphill battle! As a black, female, entrepreneur in technology for more than 20 years, I have many stories that I could share that would likely raise eyebrows or even turn smiles upside down, but would, undoubtedly, spark some conversations.

When I started my company in the late '90s, I started as a simple web developer, and "technology" looked nothing like what it looks like today. Everyone needed what I was selling at the time because web development was such a fairly new phenomenon for business. I didn't realize it, but I was on the cusp of a new industry that would totally change the way we communicate and secure information.

Though certified as a Minority Woman-Owned Business (MWBE) and being in technology (it wasn't called "IT" at the time), I typically felt like the outsider in a room, because I was often the only female. I listened to listen, absorb, and respond, but it wasn't until I was asked to speak at the ITEC 2008 Conference here in Indianapolis, that my voice was actually heard. I spoke on Business Continuity and the use of technology to sustain operations -- a conversation about cybersecurity that was just beginning to hit mainstream Corporate America.

Women in technology are out there -- no question, but women in CYBERSECURITY are few and far between. To that point, many organizations and initiatives in Indiana have formed to specifically feature women and offer them an opportunity to convene and discuss ways to grow and increase their visibility:

  • Women & Hi-Tech established in 1999 is an organization that works to recognize women in STEM (Science, Technology, Engineering & Math) fields for their efforts and influence.
  • Indy Women In Tech is an organization designed to inspire women and girls (of all ages) to pursue careers in STEM industries.

One component that hasn't expanded as vastly or as quickly, is the diversity of the women involved. The opportunities and the attention that many have given to inspire young girls to explore careers in STEM exists, but haven't been abundantly successful. In fact, one of the opinion contributors at USA Today published an article suggesting why this is so [read article].

Now that we've been exposed to the numbers and recognize the disparity in women/minority women in cybersecurity (or just technology in general), let's look at this with a different perspective. What can Hoosiers do (men and women) to inspire and encourage young girls to consider STEM careers? Here are a few suggestions:

  1. Become a role model
  2. Volunteer in organizations that specifically target this issue
  3. Share your own story
  4. Help minimize the fear of the industry
  5. Get involved

The disparity of women and minorities in cybersecurity/technology is not insurmountable, and while business and industry begin to address Diversity and Inclusion across the board, those of us in IT can be intentional about addressing the disparities, specifically in technology.

#LetsDoThis!

#OneIndiana

Perspectives From The Field Series

The strength of Indiana is that we bring together a variety of perspectives from the plethora of areas that touch the field of cyber, especially through the Indiana Executive Council on Cybersecurity (IECC). Hence the name "Perspectives From the Field Series" in which we invite experts to discuss the real and challenging issues we are facing in the field and the proposed solutions from the experts to better the lives and businesses of all Hoosiers.

In the final blog installment celebrating #BlackHistoryMonth, we wanted to ask a valued member of the IECC and partner, Linda Calvin, who is the Vice President of the School of Information Technology at Ivy Tech, to talk frankly about where we are now with developing a workforce in cybersecurity to include African Americans, especially as the need for cyber professionals continues to grow.

The Lack of Diversity in Cybersecurity

February 25, 2021

By Linda Calvin

With the proliferation of the Internet of Things (IoT), now we have bad actors who want to hack into your smart homes, your smart devices and even your cars. The Bureau of Labor Statistics states that information security analyst jobs are expected to grow 18 percent through 2024. Huge demand for cyber! However, the numbers of African Americans in cyber aren't improving. Why?

Linda Calvin's List of Whys

#1. What the heck is cybersecurity? Unless you live and breathe tech, cybersecurity seems like something out of a Tom Clancy novel or a Jason Bourne movie. Put simply: cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. With COVID, I saw more messages about how I needed to renew my Netflix subscription than I could count. I didn't have one in my name! A cyber professional identifies these phishing attempts and designs solutions to protect data. We need to make cybersecurity relatable and map it to passion and interest, then we can attract more talent of all genders and races.

#2. It's too technical. Attempts have been made to demistify cybersecurity by classifying it as non-technical. That's not the right approach. It's technical -- you have to understand the foundation of coding, but you don't have to be a Jedi codesmasher to enter the field of cybersecurity. You need to understand how to unpack a problem, have a robust intellectual curiosity with a desire to learn, logical thinking and troubleshooting skills.

At Ivy Tech, in our nationally recognized and accredited cyber program, we spend time helping students understand the basics before we dive into the advanced topics. And, sure, students are exposed to coding. But it's more about understanding those minefields hackers are creating for you than it is about you writing hundreds or thousands of lines of code.  

#3. When you can see us, You can be us. We need to see more black cybersecurity role models. We do exist. There are organizations such as Blacks in Cybersecurity, the International Consortium of Minority Cybersecurity Professionals, influential black cybersecurity leaders, the Black Cybersecurity Association, and Women in Cybersecurity. We need more black leaders to be visible and we need cyber leaders to mentor and tell stories of why cybersecurity is important.

#4. The Song Remains the Same - Bias and Racism. The disparity in the lack of black or African American men and women in cyber can be attributed to the disparity in tech overall -- bias in hiring and racism. The tech industry, as a whole, has a poor report card on ethnic diversity. We address this by applying intentional analysis into hiring practices and deconstructing the false narratives that black people are not technical enough or have the requisite subject matter expertise to lead or work in cyber. It's a big challenge, but not insumountable if we get tech leaders to root out bias in their organizations.

Why is it important to have more African American representation?

Diversity fuels innovation and studies prove this out. However, what we also know is that to build an application or design a process that serves a diverse audience, you must have diversity at the table. If we have homogenous voices designing security solutions, will those solutions ultimately encompass people of color, people of different socioeconomic statuses? It's critical that we get black adults and youth excited about cybersecurity and cyber hygiene! It's essential that we expose youth to cybersecurity in elementary school and middle school as they adopt more technology. To protect the workforce, we must reflect the workforce.

Career Experiences, Mentoring: Creating Opportunities in Cyber, Celebrating Black History Month

February 24, 2021

By Chetrice Mosley-Romero

When it comes to parties or parades, there's always a theme. It gives us a reason to celebrate.

And while it's true that the cybersecurity world isn't likely to get together anytime soon to host a parade or have a party on any sort of scale that draws a crowd, there is a theme to the activity we're seeing right now, in virtually every corner of the cyber world.

In a word, it's opportunity.

Everything from the advancements we see in technology to the progress that's made involving safer Internet protocols, especially as it involves protecting children and young adults, we see opportunity. The same is true with careers in cybersecurity and how many jobs that are predicted to be created in the years to come. With it, comes the opportunity for mentoring and guiding young people to a more promising future.

Of course, as new opportunities emerge, it's because people have achieved success and, in some cases, are the first to do something that's never been done. In doing so, they made the most of their opportunities, even if it meant they did so while, at the same time, overcoming adversity.

In celebration of Black History Month, we noted in our most recent blog -- featuring Indiana State CIO Tracy Barnes' interview with Linda Cureton, known for her accomplishments as the first African American CIO at NASA -- the number of cybersecurity jobs is expected to rise as much as 31 percent through 2029.

Amid that promising forecast, Cureton shared her belief that the key to attracting people in any field is the desire that folks have for community and seeing people like themselves. In offering her perspective, she pointed out the fact that "when you are the first, you don't have the benefit -- but you can give that benefit to others".

Following on Cureton's story, we are pleased to share with you -- and honor -- the careers and achievements of three African Americans, whose knowledge, reputations, and leadership in cybersecurity and IT are admired and highly respected, along with the tireless work and contributions they've made (and continue to make) in supporting humanitarian issues worldwide.

Among those whose stories we are pleased to share with you, include:

  • Veda T. Woods - Humanitarian & Global Cybersecurity Executive -- Veda Woods' strategic leadership spans over 22+ years of combined public and private sector experience in cybersecurity, data governance, cyber risk management and threat/intelligence oversight. Her focus on policies and decision-making processes are centered on protecting and respecting human rights by design. As Founder/CEO of the Protect Us Kids Foundation, Woods leads an organization, whose mission is to provide youth with critical, life-saving tools on navigating cyberspace safely without falling victim to Internet predators.
  • Devon Bryan - Managing Director and CISO of MUFG Union Bank & Co-Founder - International Consortium of Minority Cybersecurity Professionals -- With a cybersecurity career that began as an officer in the U.S. Air Force (USAF) coordinating counter-information operations and designing security strategies, Bryan's vast senior executive management experience includes his work at the IRS, Federal Reserve System, ADP and KPMG, before becoming Managing Director and CISO at MUFG Union Bank, one of the world's leading financial groups. Dedicated to giving back, Devon is the Co-Founder of the International Consortium of Minority Cybersecurity Professionals (ICMCP), a 501(c)3 non-profit organization dedicated to increasing the number of minority students (including women and major under-represented groups) purusing graduate and post-graduate educational degrees in cybersecurity by funding scholarship opportunities.
  • Renee Forney - Senior Director - Azure Hardware Systems & infrastructure Security at Microsoft --  Following on her work as an executive in the private sector, Renee worked for the U.S. Department of Homeland Security and served as the Deputy CIO of Cybersecurity and Enterprise Operations at the U.S. Department of Energy. More recently, she worked as the Senior Director of Cyber Assurance at Capital One. Recognized for her noteworthy accomplishments in the betterment of online security and data privacy, she has forged meaningful partnerships with public and private institutions to educate youth about online safety, security, and privacy.

 One of the foundations of Black History Month is celebrating the achievements of African Americans. And while it's true that these are but three inspiring stories, their noteworthy accomplishments are vividly illustrated in the hard work of all cyber professionals of color.

TOMORROW: Be sure to visit our blog for the 3rd part in our series celebrating Black History Month, as Linda Calvin representing Ivy Tech Community College shares her experience as an African American woman, who is a leader in cybersecurity workforce development, what we are doing as an education industry, and her involvement in making a path to a career in cybersecurity more available to African Americans, women, and other minority groups.

 

State of Indiana CIO Tracy Barnes - Q&A with Linda Y. Cureton - First African American CIO of NASA and Founder-CEO of Muse Technologies

In celebration of Black History Month - we are pleased to present the first of a 3-part Indiana Cyber Blog series highlighting the achievements of African Americans in Cybersecurity and Information Technology.

Tracy Barnes, Chief Information Officer for the State of Indiana, recently spoke with Linda Cureton, whose distinguished, 34-year career in civil service includes the distinction of serving as the first African American to serve as the Chief Information Officer at NASA.

Tracy Barnes: It's interesting to see not only the impact of what you were able to accomplish as a CIO in leading an organization, I found it remarkable the fact that you were able to apply your experience, skills, and knowledge across such a broad range of agencies -- everything from the Department of Justice and Energy to the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) to Space Exploration.

What do you attribute your ability to lead these agencies at such a high level, given the fact each of which operated within different cultures and disciplines and likely relied on different processes and applications?

Linda Cureton: The organizations are quite unique. One saying that I have, is that the one thing unique organizations have in common is their uniqueness. In other words, a CIO will have to consider people, process, and technology at each organization she serves -- that's the commonality. However, each consideration of of people, process, and technology will vary. For example, processes at the Department of Energy were born out of the healthy, but non-collaborative competition of the Manhattan Project; processes at the ATF (Bureau of Alcohol, Tobacco, Firearms and Explosives) were born out of the necessity of facing life threatening situations -- fire, ready, aim; and processes at NASA were based on science and scholarly argumentation. Thus, the technology and people aspects were similarly formed to conform to these cultural features. My ability to lead these agencies successfully resulted from my ability to clearly see these attributes.

Tracy Barnes: In reading an article highlighting some of the work (at the time) you were involved with at NASA, you described the task of transitioning to a new desktop service provider and the necessity of downshifting from 10 contracts down to one, saying that's "always a dicey situation for a CIO".

In terms of advancing technology and, perhaps, changing the culture of NASA, what lessons did it provide for you? And, to what extent did handling those "dicey situations" help you as a CIO? What impact do you believe it had in helping to improve NASA?

Linda Cureton: What helped in the transition at NASA was understanding that the sum of the 10 "parts" was greater than the whole. In other words, if one obtains 10 requirements and puts them on one enterprise contract, you will miss the requirement. There's a wholistic aspect of "the enterprise" that is missing. For NASA, there were essentially three different security and networking requirements, not 10. The human space flight community needed highly secure, fast, low bandwidth requirements supporting astronauts, spacecraft, and satellites. The scientists needed low security and high bandwidth supporting exploration, experimentation, and information sharing. The administrative community was more security compliance oriented with moderate bandwidth requirements. Aggregating these requirements would have been expensive and pleased few customers. The "dicey" situation for the CIO requires looking beyond the aggregation and developing enterprise solutions which meet mission and business needs.

Tracy Barnes: One of the foundations of Black History Month is celebrating the achievements of African Americans. Speaking as a CIO, who is African American, there is a recognition for the responsibilities I possess and the path I've followed to make the decisions that best serve our employees, as well as serves the interests of all Hoosiers.

As the first African American to serve as a CIO -- first at the Goddard Space Center and, soon after that, NASA as an entire agency, how would you describe the challenges you dealt with along the way, and how would you say it's influenced your work? Your career?

Linda Cureton: The biggest challenge I faced was dealing with the notion that I was selected not because of my ability, but because of some need to address diversity and inclusion issues. In other words, I was selected to help with organizational diversity statistics and not with technology challenges. The situation did not improve as I was promoted to be the CIO of the entire agency because it was assumed, I was chosen because the country had just elected an African American President and not because of my ability. While I recognized my own capabilities of being a strategic advisor for NASA's mission of exploration, I cannot say I wasn't called to prove my abilities constantly. This was frustrating and disheartening.

Tracy Barnes: One of your (many) notable achievements involved establishing NASA's Office of Chief Technology Officer for IT "to focus on innovation and drive change through enterprise". Did it help you achieve the goal of creating a single agency vision for what IT should look like? How did it happen?

Linda Cureton: As technologically innovative as NASA's mission would suggest, the agency does not consider information technology as "technology". Information technology is thought of as more tactical than strategic -- like electricity, running water, or as one senior executive said to me, the toilets. I met a lot of resistence establishing the office of the CTO of IT. However, whether it was through stubborn persistence or blind courage, I persevered and agreed to add the "of IT" to the title. The CTO for IT was able to advance an innovative agentcy vision for IT. One of the things I am most proud of, is the work we did to create what was to become OpenStack. We created a private/hybrid cloud solution internally named Nebula. My team opened the solution to the open-source community enabling what would become OpenStack. We worked collaboratively with industry, the agency's legal officials, and the open-source community to accomplish this goal.

Tracy Barnes: Cybersecurity is an integral part of information technology for advancing, as well as maintaining the security of an organization. It is my understanding you have a belief about how cybersecurity fits into this process. Can you share with us your approach and how that experience influenced your work?

Linda Cureton: When asked to contribute to this blog, my first response was -- I hate security. But why? I hate security because there is no such thing as secure. I feel that this is an unpopular position because CIOs or CISOs are always advocating that complying with specific practices will provide security. This is fallacious. Back in the day, I favored continuous monitoring over the false confidence of compliance. I believed in the no trust of the network and the need to implement proective measures as close to the data as practical. Today, I resist the fallacious notion of secure supply chains. We should presume insecure networks and supply chains developing strategies accordingly. My thoughts on cybersecurity strategy are inspired by the old movie "Star Trek II: The Wrath of Khan". Young Starfleet cadets were given a test mission of the Kobayashi Maru -- the no-win scenario. This test was passed only once, by the future hero James T. Kirk. The only way to pass was to change the game. I believe that the cybersecurity game needs to change -- otherwise, we keep losing and losing.

Tracy Barnes: What advice would you offer to people interested in pursuing a career in IT or cybersecurity?

Linda Cureton: I think the cybersecurity field needs to benefit from people who understand compliance requirements but have the emotional intelligence of understanding the changing nature of the adversaries and the behavioral aspects of the end users. The field is overrepresented with compliance orientation with no knowledge of people and change management issues. A high emotional intelligence for folks pursuing a career in cyber will cause them to excel to the top of their profession.

Tracy Barnes: At a time when the number of cybersecurity jobs is expected to rise by as much as 31 percent through 2029, based on your experiences of overseeing entire agencies and organizations, what is the key to attracting more young people of color to cyber and IT?

Linda Cureton: I believe that the key to attracting people in any field is the desire that folks have for community and seeing people like themselves. However, when you are the first, you don't have that benefit -- but you can give that benefit to others. The other thing that is needed is true mentorship and/or sponsorship. When I say true mentorship, for example, I don't mean the sterile "check-the-box" mentoring programs that are often established. We need mentioring which builds relationships over time, and challenges both the mentor and the protege.

Tracy Barnes: In describing the contributions of the 58 women whose accomplishments in aerospace are well documented, you said they demonstrated what you called "leadership courage" -- "...the kind that helps someone overcome the fear that looks like voices in your head. It looks like the people saying you can't do it. It looks like a mountain too high to climb. But, that it's also the fear that motivates and that courage takes that fear and turns it into preparations for success".

Is that something you have lived by, in the work you accomplished over your career? Does it continue to influence you in leading Muse Techologies? How so?

Linda Cureton: This question has a long answer. I wrote a whole book called "The Leadership Muse: Inspiration for the 21st Century Hero-Leader". You can't be a hero without courage, and you can't have courage without fear. A new kind of leadership develops from a person with the passion of their convictions, the direction and intention of their purpose, and the power of their courage to lead change and accomplish the impossible. The Muse were the mythological goddesses of inspiration who offered divine encouragement. I founded Muse to attract a cadre of employees to create a company I wish I had as a CIO -- encouraging and helping through people, process, and technology to achieve the executive's IT vision.

Data Privacy Day is January 28th - Reason for Celebrating Respect for Others, Safeguarding Our Identity 

By Chetrice Mosley-Romero

January 27, 2021

If it's possible for our privacy to be a cause for celebration, it could be said that Data Privacy Day -- on January 28th -- is a holiday that reminds us just how important it is to respect each other's privacy, safeguard one's data, and enable trust.

Beginning in 2007, Data Privacy Day was created by the Council in Europe. In 2009, the U.S. House of Representatives proclaimed it National Data Privacy Day. Since that time, a variety of consumer, business, and cybersecurity groups and organizations have joined in an internationa effort to help empower individuals and businesses to engender that respect. At the same time, it reminds us of the importance of our personal information and the easy-to-follow steps we can follow to stay safe online.

A recent article on network security recently highlighted a list of 10 online privacy facts, including some that may surprise you. For example, did you know that 41 percent of children between the ages of 8-17 have public profiles that are open, putting them at risk to predators? Or, that a person's job or career can be compromised by th spread of false or misleading information that is accessed online?

Fortunately, there are resources available to help you. The FTC also offers a series of helpful tips for keeping your personal data protected, such as:

  • Locking your financial documents and records in a safe place at home
  • Limiting what you carry. When going out, take only your ID, along with the credit or debit cards you need. Leave your Social Security card at home.
  • Making sure before you share any personal information at work, a business, your child's school and/or a doctor's office, always be sure to ask why they need it, how they will safeguard it and discuss with them any consequences of not sharing it with them
  • Shredding any important documents (i.e. receipts, credit offers or credit applications, medical/insurance forms, as well as any bank/financial statements or expired credit cards) that you no longer need or use
  • Destroying the labels on prescription bottles before you throw them out
  • Consider opting out of prescreened credit and insurance offers by mail. You can opt out for 5 years or permanently by visiting: optoutscreen.com. It is a secure online service operated by the 3 nationwide credit reporting companies.

For more information about how to keep your personal information secure, Hoosiers are invited to visit the Indiana Cybersecurity Hub. Also, you can check out our new blog, follow us on Twitter, or visit our Facebook page for the latest tips and other helpful links and resources.

Tax Identity Theft Awareness Week Offers Tips to Provide Protection, File Your Taxes Securely

January 25, 2021

By Anna Shei

During tax season, you're tossing out names, addresses, and numbers on several different forms and in different places. It can get confusing making sure you have all the correct information in the right location!

But, protecting yours and your families' identities and personal data is an absolute must. Fraudsters are out there, ready to take advantage of any small mishap.

To help consumers stay safe, the Federal Trade Commission launched Tax Identity Theft Awareness Week. Beginning today through Friday, January 29th, the purpose of the campaign is to provide people with the tools and resources to protect themselves, including helpful tips for everything from filing your taxes to making sure that you are due a refund that you receive it.  

Thieves will try to steal taxpayer identities, file fraudulent tax returns, and then take those refunds for themselves. Here are a few tips to follow to make sure you don't become a victim.

  • Store your personal information in a secure location
  • Make sure you're entering your personal information on a protected website
  • Choose a trustworthy tax preparer
  • Do not carry your Social Security card with you
  • Shred any documents with personal information on them if they are not needed
  • Make sure you have firewalls, anti-spam/virus software and updated security patches on your computer
  • Change your passwords regularly for Internet accounts and,
  • Do not give out personal information over the phone, through the mail, or on the Internet unless you know for sure who you are dealing with.

While you take those steps, the Indiana Department of Revenue (DOR) is also working to keep your information safe. DOR's Identity Protection Program protects Hoosier taxpayer's identities and refunds. The program includes an Identity Confirmation Quiz that you may be randomly selected to take. This is not a punishment. DOR just wants to make sure everyone gets their money. The quiz doesn't take long. It asks specific questions only you would know. But know that DOR will send a letter to anyone selected to take the quiz and will never and ask you for your personal information.

To learn more, check out DOR's Stop ID Theft website or visit the IRS website for additional tips, including a YouTube video on some new security measures to follow to protect yourself during the upcoming tax season.

Plans for the Weekend? Celebrate "National Use Your Gift Card Day" on January 16th

Easy-to-Follow Tips Will Help You Avoid Scams, Prevent Cyber Criminals from "Re-Gifting" What's Yours

By Chetrice Mosley-Romero

January 15, 2021

The popularity of gift cards is undeniable. It's estimated that more than half of Americans purchased gift cards during the 2020 holiday season.

According to a recent report, it's expected that the gift card market in the U.S. will reach $221.1 billion by 2024 (from $163 billion in 2019), with Millennials and Gen Z consumers driving much of the sales.

Of course, as with a lot of things we try to protect, cyber criminals are already out there trying to steal your gift cards for themselves, even BEFORE the cards are purchased.

So, as you get ready to redeem your gift card, either online or in-store, you'll want to follow some simple steps from Bolster Research to stay safe and enjoy your shopping experience, including:

  • Look closely at the card to make sure none of the protective stickers have been removed or that the codes on the back of the card haven't been scratched off to show the PIN number.
  • If you haven't already, register the card, change the security code and the PIN and use the card as soon as you can, so as to lessen the opportunity for the card to be lost or stolen.
  • ALWAYS be sure to go directly to the retailer's website -- by typing the store's URL into your browser -- to confirm or check the gift card balance. Bogus websites, links, e-mails and text messages exist in a variety of different forms to make it look as though they are trying to "help" you. Instead, what happens is that your gift is stolen, along with your personal and financial information.

It's also a good idea to overspend the amount of the gift card to avoid leaving any sort of balance. It also enables you to hand the card over to the retailer to recycle it. Purchasing a small useful item, such as lip balm or treating yoursef to a small chocolate candy, is a good way to complete the purchase.

In doing so, you'll be able to treat yourself to something nice. And that's a bigger deal than you might think. Recent statistics from Mercator Advisory Group Inc. indicated that $3.5 billion in gift cards went unredeemed last year.

Here's to having a safe shopping experience!

National Clean Off Your Desk Day - Perfect Time to Get "Cyber-Organized"

By Chetrice Mosley-Romero

January 13, 2021

In case you missed it, Monday, January 11th was National Clean Off Your Desk Day.

Not to worry, though, as there's plenty of time this week -- as the New Year begins -- for you to clear away the clutter that's ON your desk.

And it's a great time to get "cyber-organized" -- involving everything from tidying up your computer files to creating new passwords. First, a quick bit of trivia.

You might be interested to know that the person credited as the founder of National Clean Off Your Desk Day is A.C. Viero of Clio, Michigan. No word on what he (or she) might've done to earn the honor.

But, it's safe to say that we'll be a little happier and more productive following 8 best practices for refreshing your cyber life, as recommended by Information Security Services at UCLA, including:

  • Reviewing your online accounts
  • Updating your Internet-connected devices
  • Tuning up your web browsers
  • Purging old digital files
  • Locking down your login
  • Refreshing your online presence
  • Backing up your files
  • Disposing electronic devices securely

Preparing your workspace -- whether you're continuing to go into the office, working remotely, or your office is at home -- will help you stay positive and focused.

And don't forget when you are cleaning your desk to be sure to never write your passwords down where everyone can see (even if you are at home); always lock away confidential information or information with personal identifiable information when you are not using it, and lock your computer screen when you step away. Because when you, your co-workers, your spouse, or even your kids are on video calls or have guests in your home, you never want to be that person who shared too much because you didn't take the steps needed to protect your and other's information.

Whether you've already finished getting things cleaned up or it's a task that's still on your "to do" list, visit the Indiana Cybersecurity Hub for the latest news, tips and information to help you stay safe online. A statewide resource, the Business section of the website features content that's timely and relevant and will help you build on your cybersecurity knowledge and improve the readiness of your business or organization to guard against potential cyberthreats.

What's more, it'll give you a head start on National Clean Your Virtual Desktop Day on October 18th!

Reason to Celebrate - Cybersecurity: Technologies That Protect Us

By Chetrice Mosley-Romero

January 6, 2021

Today, we celebrate #NationalTechnologyDay!

Established in 2016, #NationalTechnologyDay recognizes the way technology changes our world, and it honors the achievements, made through time, that have an impact on our daily lives.

After all, we use products that are designed and manufactured using the latest technologies. In turn, these advancements enable us to do everything from keeping us organized while using our smart phones to monitoring the control systems in our vehicles that we rely on to safely drive down the road to work or take our kids to school.

And just as technology connects us and keeps us safe and healthy through the products we use, cyberseurity refers to the "...body of technologies, processes and practices designed to protect networks, devices, and programs, as well as our personal and financial data from an attack, damage or unauthorized access.

As we begin a New Year, there are lots of opportunities to celebrate our cyber technology successes and it starts, simply, by our continuing to follow (as we've done all through the Pandemic) recommended best practices, as suggested by CISA (U.S. Cybersecurity Infrastructure & Security Agency).

  • Keep your software up to date
  • Run up-to-date antivirus software
  • Use strong passwords
  • Change default usernames and passwords
  • Implement multi-factor authentication (MFA)
  • Install a firewall

At a time when, seemingly, everything we do online relies on computers and our internet access, including our ability to communicate, entertainment, transportation, shopping, even our medications, it's a reason to use technology to protect ourselves and experience the peace of mind that comes from knowing that we are safe and secure.

For other helpful tips and resources about ways you can use technology at home, at work, or at school, visit our Cybersecurity Hub Page. Check out our podcast or follow us on social media on Twitter or visit our Facebook page.

The New Normal -- What Is It? And, Yes, It's Here to Stay

By Chetrice Mosley-Romero

December 30, 2020

The New Normal. We've all heard it. But what is the New Normal anyway? How is it changing our lives? Perhaps, forever.

On top of the many things that has happened in 2020, another life-changing trend toward online shopping and no-contact pickup and away from shopping in-store has changed. Consider, in the span of less than three weeks - between April 1st and April 20th of 2020 - online shopping, including in-store and curbside pickup increased 208 percent. And it has only continued to grow.

Since that first initial jump, those figures have accelerated dramatically. According to the U.S. Census Bureau, e-commerce sales amounted to $212 billion in the three months ending in June, accounting for 16.1 percent of the country's total retail sales ($1,311 billion). That's an increase of 4.3 percent compared to the first quarter of 2020 and it's up from 10.8 percent in Q2 2019.

With the shift, consumers are learning how to utilize the best practices for staying cybersafe while shopping online for those Christmas returns or those semi-annual sales we love so much, including:

  • Being careful and intentional with the stores you shop at, especially when visiting their websites (look for https:// in front of their website URL) to protect your financial and personal information.
  • Watching your email closely for possible email scams. If you're not sure of the source, don't click on the email and delete it!

If you believe you've been a victim of identity theft, be sure and visit the Indiana Cybersecurity Hub page to learn the steps on how to Report a Cyber Crime.

Another trend following Hoosiers into the New Normal is working remotely. For a lot of us, the home office is rapidly becoming a permanent part of our home and it's important to understand how to keep you and your work safe.

We wrote about Working From Home Long Term in a previous blog, but in case you missed it, here's a reminder of some of the cybersecurity tips to help you, including:

  • Updating your passwords consistently and keeping strong passwords is important to protecting your work and personal accounts safe.
  • Being sure you keep your passwords a secret and you don't reuse old passwords, and to make a password changing "schedule" to keep things current and safe.
  • Adding antivirus software to your devices. Most devices come with some sort of basic antivirus software, but upgrading to a more sophisticated antivirus software will help ensure that you are better protected against the possibility of a cyberattack.
  • Making sure, too, you change any default passwords (i.e. routers) as an added measure of protection when purchasing and/or installing any new equipment.

As we've already discovered, the New Normal isn't always easy, but it's becoming something we're getting better at doing, especially as we try and get through it all.

As Indiana's Cybersecurity Hub, we want to make sure that Hoosiers are equipped with all the tools they need to keep themselves and their families safe. To get the latest, be sure to subscribe to our blog, on Twitter or visit our Facebook page.

Here's to a Cybersafe New Year!

Protecting Your Personal Information Key to Safe, Secure Holiday Shopping

By Chetrice Mosley-Romero

December 18, 2020

With the holiday shopping season in full swing, it's a good idea to make sure your personal data is protected -- whether you're heading out to the stores, logging into a laptop or using your phone to visit your favorite retailers. Why's that important?

According to new data from Qubit, half of consumers now do more than 75 percent of their shopping online, a trend that is expected to continue. Just last month, Americans spent a record $10.8 billion online on Cyber Monday, up 15 percent from last year, making it the largest online shopping day in U.S. history, according to Adobe Analytics.

That kind of sales activity adds up to a whole lot of opportunities for cyber criminals to steal your personal information -- and your money. With that in mind, time's running out and there's only a few days left to finish your shopping, so remember before you go, be sure to:

  • Do business with reputable vendors/retailers and if you've never heard of them, do your homework before you buy from them.
  • Check the URL for "https" to ensure you are on is encrypted, especially when you are sharing your personal and financial information.
  • Check your bank and credit card statements for any unauthorized payments or payments that are much more than you approved to be taken out.
  • If you have to go to a store, limit what you carry; bring with you only the identification and credit/debit card you need or plan to use and, of course, your mask!

For more easy steps you can take to protect yourself while doing your holiday shopping, click here, There's also good advice from the U.S. Trade Commission (FTC) on ways to keep your personal data protected. And for more information about how to keep your personal information secure, Hoosiers can visit the Indiana Cybersecurity Hub for the latest tips, resources and more.

Working From Home Long Term - What You Need to Know

By Chetrice Mosley-Romero

November 25, 2020

So, you're working from home until 2021. What now? How do you manage working from home and managing distance learning with the kids? As working from home long term becomes more of a reality for Hoosiers, it's important to make sure you have all the tools you need to be successful, as well as safe and secure, during these unprecedented times.

First, it's important to maintain a solid schedule throughout the workday to keep yourself on track. Making a schedule and keeping to it will help to make it easier to work in an environment you'd prefer to relax in (come on, we'd all prefer to relax at home than work). Keeping to a schedule will help you be more productive and create an environment that is more conducive to work. And, if you can, finding a specific place in your residence, whether it's the kitchen table, guest room, or a designated home office to work from every day will make every morning seems "normal". It will also help you seem like you are "going to work" rather than just working at home.

Another way to make working from home long term a little easier to put in place cyber protections. Protecting your work information from cyberattacks will make it easier to protect you and your company's files and resources. Creating strong passwords and updating them frequently will provide greater protection against attempts to access your work, as well as your personal email and social media accounts.

Making sure your personal and work laptops are equipped with anti-virus and anti-malware programs is an easy and effective way to protect your information and your hard work from cyberattacks. Most new laptops come with some sort of anti-virus software already installed, but it's important to be sure to check that it is updated and actively working. Many employers require their employees to use a VPN (Virtual Private Network) when working in databases, but if your employer doesn't, it's a good idea to purchase a VPN in order to maintain a greater level of privacy when working on important documents. Keeping yourself and your work safe from cyberattacks will make working from home a little less stressful, and you won't have to worry about losing any of your hard work.

Many people working from home these days are working alongside their children while they work on their remote learning. As families have taken on the new responsibility of managing, along with teachers, the education of their children, it can distract from working from home. It's important to set boundaries within your family of when it's time to work and when it's time to play and it's a good idea to create a functional schedule for the day; it will help increase both your productivity and your happiness.

The main piece of advice for working from home is to have a plan and go with the flow. Current health situations are changing every day, and it's important to be flexible and work with your employer and your children's school to stay current on the latest protocols and concerns. Working from home might not be ideal, but it's part of our "new normal".

Creating a Secure Password - 5 Tips to Keep You and Your Personal Information Safe

By Chetrice Mosley-Romero

November 18, 2020

We have passwords for everything. Social media, email, bank accounts, cell phones, computers...the list goes on and on. It's so difficult to remember all of your passwords, so it's tempting to make them easy, short or the same as all your other ones.

Having the same passwords for all your accounts puts you more at risk for cyberattacks and identity theft, and so does having simple passwords. Here'are some for creating strong passwords that will help protect your accounts from potential cyberattacks.

Don't use the same password for every account. This seems like a no-brainer, but it really makes the difference. Varying your passwords for each of your important accounts can protect you from experiencing a massive cyberattack of all your personal information. Each password might be hard to remember, but having different passwords for every account will save you a lot of stress in the long run.

Make your passwords long and nonsensical. Longer passwords are harder to guess, so potential hackers will have a harder time guessing each character of your password correctly. Passwords without specific words in them are also harder to guess, so using a combination of nonsense letters, numbers and symbols will make for a stronger, more secure password. For example, you could use the letter "o" in place of the number zero ("0") or use the number "3" in place of the letter "e". This will make words harder to guess, and, thus, provide you with more secure passwords.

In doing so, use a combination of uppercase and lowercase letters, symbols, and numbers when creating passwords. Most sites have reqirements for what a password must contain, but for sites that don't, make it a habit to use a variety of characters within your password.

Steer clear of using personal information in passwords. It's tempting to use your Mom's maiden name as the base of your password, but any hacker can find that on social media and use it to guess your password. Rather than using names or birthdays of family members, you can use the names of random objects, like the word "desk" or "candle".

Change your passwords often. Varying your passwords every few months will make it harder for a hacker to know which password you're currently using for a specific site and can ultimately help prevent hacks of your accounts.

Creating and using strong passwords is a simple way to ensure your information is safe and secure from cyberattacks. Make strong and cybersafe passwords a priority!