Indiana Cybersecurity Hub
Indiana's Blog for Cybersecurity
WELCOME TO THE INDIANA CYBER HUB BLOG
The Indiana Cyber Hub Blog is your all-new, online resource featuring helpful advice and guidance from the Hoosier State's Cybersecurity Program Director, along with the perspectives of a wide range of cyber industry experts.
Internships Provide Mentoring and Career Opportunities in Cybersecurity
Thursday, July 28, 2022
Today is National Intern Day and Indiana Intern Day, a day for companies and organizations to honor and celebrate the hard work and effort of the people who are dedicating their summer or a part of their school year to an internship or co-op.
It’s an opportunity to gain some real-world experience, as they make the decisions that’ll help influence the choices they’ll make when it comes to deciding on a career. And, right now, when it comes to workforce development, cybersecurity job openings are as “in demand” as almost any other industry or business across the country, as well as right here in Indiana. According to CyberSeek, it’s estimated that there are more than 20,000 cybersecurity job openings in the Hoosier State and more than 700,000 positions that need to be filled across the U.S.
As someone who believes strongly in the value of mentoring – both in terms of providing a meaningful on-the-job experience and in what we can learn from having the perspective of someone who’s grown up with technology and the Internet – we like to say that once your internship begins, you’re no longer an intern; you are a part of our team.
FIVE QUESTIONS - ALL THINGS CYBER - Q & A WITH MICHAEL & PHIL
This summer, we’ve had the pleasure of working with Michael Herald (pictured on the right) and Phil Shou. As our Communications Specialists, they are working on everything from writing blogs and creating social media content on Twitter and Facebook to helping us update our Indiana Cyber Hub website (and much more). In celebration of their work, we sat down with them and asked them five questions reflecting on their time with us and what they’ve gained through their experiences in cybersecurity and working as a part of state government.
What is it about cybersecurity that interests you as part of your education and as something you might pursue as a career?
Michael Herald: "Cybersecurity interests me in a variety of different ways. In terms of my education, I have had to use various cybersecurity tools like two-factor authentication and password managers. As a part of my future career in communications as well, I know that I will have to be aware of cyber threats. The knowledge this internship has taught me will definitely come in handy someday."
Phil Shou: "I think the aspect of cybersecurity that I found most interesting was how common technologies could be exploited if one were to think a little creatively. It itches my brain to understand how it can be exploited, which motivates me to learn more about vulnerabilities."
Michael, you are studying communications at Butler University. What is it about working on the Indiana cybersecurity program that led to you applying to be an intern?
Michael Herald: I was initially drawn to working on the Indiana cybersecurity program after I heard great things from a friend that worked for them in prior years. I was also drawn to the aspect that this would give me somewhat of a government experience, seeing how local governments and cybersecurity mix.
Phil, you recently completed your bachelor's degree in music at Indiana University and you are a pianist. How did you decide to apply for a cybersecurity internship?
Phil Shou: While I was completing my bachelor's, I had been taking some classes in computer science and going to the cybersecurity club at IU and I wanted to apply some of the knowledge I already knew in an internship.
What have you learned about cybersecurity?
Michael Herald: I have learned a great deal about cybersecurity. The biggest lesson that I can take away from this experience would be to always be proactive when it comes to cybersecurity. You do not want to fall behind when it comes to updating things like your passwords, because cybercriminals are always one step ahead of you.
Phil Shou: Regular people being manipulated is a huge reason so many companies and institutions have been hacked. Going into this internship, I thought there would be a lot more stuff about hackers building this elaborate malware that breaches a system and then saying “I’m in”. In reality, it’s some guy in a company clicking on a phishing link giving out their login credentials. Now the hacker says “I’m in” because someone gave up their login information. Sometimes, it’s really as simple as asking someone what their password is.
As someone who's grown up, you might say, with the Internet and digital technology, what would you say you've learned about cyber as part of your everyday life?
Michael Herald: In terms of my everyday life, I have noticed things that I could improve on. For example, I recently just reset all my passwords and if I would not have learned that it should be routine, I may not have done that.
Phil Shou: I have definitely been very conditioned and aware of how public everything is on the internet. Google search anybody’s name and you’ll have a good amount of their personal information. This has made me a lot more conscious about my privacy and I’ve tried to stick to posting as little about myself online, although I’m sure you’ll still find something embarrassing about me.
What's the most interesting experience or something you've learned about cyber working with the State of Indiana?
Michael Herald: The most interesting and rewarding experience that I have been a part of is probably the day-to-day operations of the various social media channels and writing for them. This has allowed me to strengthen my writing skills as well as learn about the various topics related to cybersecurity.
Phil Shou: As I’ve been working with the State of Indiana, I’ve come to learn one crucial thing. The technical side of cyber is definitely very, very important. However, the human side is also an equally if not more important side of cybersecurity. Working with the State of Indiana in cyber has taught me that you can have the most robust security system ever, but one guy or several can bring the whole house down because of negligence or a very manipulative phishing email. Therefore, it’s important to also foster a healthy cybersecurity culture through awareness and collaboration and it’s been great to be a part of that this summer.
More Women Needed in Tech Leadership Roles
Wednesday, July 27, 2022
By Anushree Bag
Women hold only 25 percent of computing roles, according to data from the National Center for Women & Information Technology, and the number is much lower in senior roles. In the public sector, only 18 percent of state chief information officers are women. Given that women represent 50 percent of the population, these numbers reflect a serious underrepresentation of women in the technology sector, especially in the upper echelons of management. A McKinsey study published in September 2018 reported that the lack of gender diversity carries with it a major opportunity cost, for both individual tech companies and the entire sector. Diverse teams, including those with greater gender diversity, are on average more creative and innovative and, ultimately, are associated with greater profitability.
There are several compelling reasons to make technology careers more attractive for women.
- Design inputs: Design and engineering teams greatly benefit from gender-diversity perspectives. Products that are designed by men, with just men in mind, can have a plethora of inconveniences and negative consequences for women users. Until recently, seatbelts and car safety crash tests did not account for measurements of a woman’s body, and body armor for policewomen was ill-fitting because it was designed for a man’s body. When women are part of the team designing tech gadgets, it is much more likely that considerations will be made to ensure that the gadgets appeal to women buyers. Examples include a smartphone that is not too large for a woman to grip, a smart watch that is sized correctly for a woman’s wrist, and a voice-activated device that is able to recognize a woman’s voice with high accuracy.
- Making use of mental abilities: An often-overlooked competency in women is their skill in solving puzzles. The Code Girls were a group of more than 10,000 women who served as cryptographers (code makers) and cryptanalysts (code breakers) for the U.S. military during World War II. These women continually broke the ever-changing and increasingly complex systems used by the Axis powers to shroud their messages in secrecy. The vital intelligence these women provided to the U.S. Army and Navy allowed the military to not only keep many American troops out of harm’s way, but also to ensure the country emerged from war victorious. In recent times, the points of possible attack for cybersecurity have proliferated, and ransomware attacks are at an unprecedented high. Cybersecurity teams should include women, so their logical and analytical skills can be used to detect cyberthreats and prevent/contain significant cyber breaches.
- Human approach: With the explosion in the demand for digital services, the role of the chief information officer has evolved to that of a broker, who is not only able to deliver integrated IT services that enable business goals, but who also has emotional intelligence—an empathetic listener, an influencer, a collaborator who remains calm during times of turbulence, and someone who inspires and builds high-performing teams through coaching and mentoring. A 2016 Korn Ferry study reported that “women score higher than men in 11 of 12 key emotional intelligence competencies.” “The data suggests a strong need for more women in the workforce to take on leadership roles,” said Daniel Goleman, author of the New York Times bestseller “Emotional Intelligence and Social Intelligence: The New Science of Human Relationships.” Given the correlation between high emotional intelligence and leaders who deliver better business results, there is a strong case for organizations to find ways to identify women who score highly on these competencies and to create leadership opportunities for them. It is not an altruistic move; rather, it’s a good business strategy.
- Talent access: According to the Pew Research Center, women in the United States have outpaced men in college graduation rates. Despite the high graduation rates, the percentage of women graduating in STEM fields is low, which can often be attributed to the incorrect perception that successful tech careers can only be built by introverts who are surrounded by wires and machines and spend long hours writing millions of lines of code while eating stale pizza. This image is particularly unattractive to young women, and the tech sector is at risk of losing out on a significant talent pool. There is a clear need for dynamic women in technology leadership roles who can serve as role models and help change the narrative. We can be what we can see. It is worth the effort to inspire young women to consider technology careers through telling stories about diversely successful women in technology. Women such as Gladys West, a mathematician, and the pioneer of global positioning systems; Anne Wojcicki, founder of DNA-testing technology company 23andMe; Lauren Gardner, an engineer and epidemiologist who created the Johns Hopkins COVID dashboard; and Whitney Wolfe Herd, the founder and CEO of technology-based online dating company Bumble.
- Untapped market: There has been very little progress in innovating products that, by definition, only women buy, such as feminine hygiene products, ovulation tracking tools/apps, breast pumps, etc. There is money left on the table. Women in tech leadership roles would identify with the need for modernization in these products and would be perfectly positioned to lead innovation in ways that would make a difference for women consumers.
Because of the pandemic, many tech companies have created flexible work programs that are favorable toward attracting and retaining women, such as expanding programs for backup childcare and paid family caregiver leave, free mental health counseling, etc.
While such progress is encouraging, we still have a long way to go. Organizations need to stay committed not only to hiring competent women in technology roles, but also to enabling, empowering, and elevating women in ways that allow them to multiply their own impact and blaze the trail for others*.
*This column was first published in The Indianapolis Business Journal
Authoritarians are Cyber Bullies
Friday, July 22, 2022
Are we in the 1980s or the 2020s? “Top Gun” is in the movie theaters (and Tom Cruise is STILL doing his own stunts). Kate Bush’s “Running Up That Hill” is playing on the radio. And, unfortunately, some nations **cough, cough, Russia, and China** are still up to no good.
Many of you are probably unaware that this week is Captive Nations Week. It was established by Congress at the start of the Cold War and it is a call for liberty and opportunity for the oppressed people of authoritarian governments.
Not only that, it’s a reaffirmation of the importance of maintaining and protecting democratic principles. Coincidentally (or not), among the nations criticized under Captive Nations Week are China and Russia, which are also nation-state actors that engage in cyberattacks targeting democratic nations.
So what are they doing?
According to the US Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), China’s targets have been critical infrastructure such as health care, energy, the defense industrial base, and government facilities. For more information, read CISA’s “China’s Cyber Threat Overview and Advisories”.
And Russia is no better. CISA reports that “the Russian government engages in malicious cyber activities to enable broad-scope cyber espionage, to suppress certain social and political activity, to steal intellectual property, and to harm regional and international adversaries.” For more information, read CISA’s overview of Russia’s Cyber threat. In addition to the continued attacks on democracies, including the terrible war in Ukraine, Russia has openly used misinformation and dis-information to try and influence the outcome of our elections. During the last presidential election, a report from the United States National Intelligence Council found that Russian President Putin had authorized influence operations spreading disinformation that harmed President Biden’s candidacy and the Democratic party which, in turn, “undermined public confidence in the electoral process.”
If you’re an organization in critical infrastructure that is prone to be targeted by Nation-State attacks, here are 4 ways to defend yourself.
- Avoid acquiring technology from companies based in nations that pose a threat. You can also request vendors to provide evidence about the security process used to create the application or hardware.
- Isolate internal networks from the Internet. The safest way to protect data is to remove internal systems from the Internet.
- Share cyber threat information with other organizations. This can enhance situational awareness and help mitigate attacks to other organizations.
- Enhance employee cybersecurity awareness programs, including educating everyone in your organization to help increase their knowledge of best practices related to the company’s IT security.
It is also important to help prevent disinformation from spreading. If you see crazy claims on the internet that are hard to believe, they are probably disinformation. Make sure you stop and think before sharing them with others. You should also fact-check any claims with credible sources such as local, state, or the federal government.
The tools of oppression have evolved alongside technological advancements. Authoritarian governments now have more tools to exert control over their populations, as well as undermine democracies abroad.
Thankfully, there is a wide range of cybersecurity resources, including CISA’s “Shields Up” web page. Here in Indiana, you can visit the Indiana Cyber Hub for all kinds of helpful information, including best practices, resources and tips that you can use at home, at work or at school.
Ensuring the strength of our democratic institutions is at the heart of recognizing the significance of Captive Nations Week and what we learn from it will help in contributing to a culture of cybersecurity for all of us.
CELL PHONE COURTESY IS CYBERSECURITY
Wednesday, July 13, 2022
Cell phones, or what we now refer to as smartphones or mobile devices, have become increasingly integral to the way we communicate (and so much more) with our friends, family, and co-workers.
In 2011, only 35 percent of adults had smartphones. Ten years later, it has skyrocketed to 85 percent. Smartphones have also fundamentally changed how we communicate on our phones. While the primary avenue of communication used to be calling and texting each other, smartphones with internet access have allowed us to FaceTime, email on our phones, and use social media, as well as many other methods to communicate.
With this month being National Cell Phone Courtesy Month, it is time to review our mobile phone habits, and one habit that we should not be overlooking is protecting our mobile devices from cybercriminals.
Here’s the thing. Although it’s true that smartphones have improved our ways of communication, they’ve also given cybercriminals another vector to steal our information. In 2021, Check Point (a renowned security firm) published in its Mobile Security Report that 40 percent of mobile devices were prone to cyberattacks. They also noted that the most common attacks were phishing attempts and downloading malicious applications. These findings are something to be wary of, but there are a few simple cybersecurity tips we can use to protect ourselves and those we communicate with using our smartphones.
- Use strong passwords. Change any default passwords to one that’s hard to guess, but easy for you to remember. Use different passwords for different programs and devices. (Pro Tip: download a reputable password manager to help you with complex passwords and safely store them.)
- Keep software up to date. Install updates as soon as they are released. This will prevent attackers from exploiting known vulnerabilities.
- Disable remote connectivity. When wireless and Bluetooth technologies are not in use, disabling those features is a good practice to follow and limits bad actors from accessing your phone when you are out and about.
- Be careful what you post and when. Cybercriminals can use your social media information in targeted phishing attacks. They can also see when you are not at home.
- Guard your mobile device. Physical security is as important as cybersecurity. Never leave your device unattended.
- Know your apps. Review applications before downloading. Applications could contain malicious software that can release your personal information. Delete any apps that are not needed to increase your security.
And as with your personal computer, make sure you do not click on any suspicious links that are sent to your phone. Phishing and social engineering attacks have become more elaborate, and being mindful while you browse the internet on your mobile device, and wary of random texts you may receive, will help you remain secure.
While these tips are here to protect you, how can we be courteous to the people around us? We can help prevent the spread of disinformation.
Disinformation is false or inaccurate information that is deliberately spread with malicious intent. The next time you find something outlandish or hard to believe on social media or as part of an email or even a text message, make sure you verify the information is true with credible sources before sharing with your friends and family or your co-workers, including your boss.
As you think about the habits you rely on or use with your mobile device, be sure to follow these tips to keep your smartphone secure and protect your personal information. We increasingly rely on our smartphones to communicate with our friends and family. Now, we must also be increasingly aware and courteous to each other in person and online.
Cybersecurity: Putting a Paws on Cybercriminals
Monday, July 11, 2022
Whether you are a follower of a pet social media account (yes, that’s a thing) or you run one yourself, or you’re one of the 3.81 billion people that use social media worldwide, cyber criminals are seeking to engage with you and your sensitive information.
And as the world turns more and more towards the use of social media, cyber criminals are targeting various platforms opening a portal of new opportunities for them.
TODAY is All American Pet Photo Day. Nowadays, it is very common to see social media profiles dedicated to one’s pets. Those who follow these types of accounts, as well as those who run them, lighthearted as they are, are not immune from cybercriminals. In fact, cybercriminals are targeting social media users using four main tactics including:
- Misinformation campaigns
- Phishing and scams
- Malware
- Hacking of accounts
Social media constantly bombards us with information. Not all this information is truthful and can, sometimes, be misleading. It is important to ask yourself where this information may be coming from and why. USDHS CISA provides a whole library of mis-, dis-, and mal-information resources to empower users to understand the threats that this misleading information can pose to you, including your personal and financial information.
Phishing and Scams
Targeting users is the name of the game when it comes to social media, but sometimes it can go too far. Scammers have begun to utilize email and text messaging schemes to trick you into giving them your personal information and sensitive data. The Federal Trade Commission provides great resources on how to keep yourself protected from a potential phishing scam. Pet social media profiles are no exception. If you post an adorable picture of your pet and you get a message stating that your pet is so cute, they want to feature it on another pet account or magazine, DON’T fall for it! If it sounds too good to be true, it typically is, even if your pet is adorable.
New research has shed light on how social media platforms – especially those that are frequently visited like Facebook, Instagram, and Twitter – are becoming massive malware distributors. In fact, one in five organizations have been impacted and 12 percent have experienced data breaches because of the malware through social media. Darkreading.com lays out all the research that has been done because many organizations often overlook the dangers that social media platforms have when it comes to malware.
Hacking Your Accounts
With phishing scams and malware becoming more commonplace occurrences on social media (even those cute pet accounts), these two methods can enable someone you don’t know to gain access to your accounts. This is called hacking. Hackers love to stream through the content you post whether it’s on one platform or multiple ones because they see it as a gold mine for personal information. Securitymagazine.com shares stories and results from research showing the regularity of social media accounts being hacked.
With such popularity surrounding even our pet’s social media accounts, the importance of staying safe whenever we’re online – on any platform – should be the top priority. To learn more about the latest cybersecurity tips, best practices, resources and more, visit our Indiana Cyber Hub website and follow us on social media on Twitter and Facebook.
GOT CYBER? DON’T LEAVE HOME WITHOUT IT!
Friday, May 27, 2022
Whether your Memorial Day weekend plans include a vacation or staycation, or you’re one of the more than 300,000 race fans who’ll be “Back Home Again in Indiana” on Sunday for the “Greatest Spectacle in Racing”, or you’re one of the 39.2 million Americans who’ll be going somewhere in the next two or three days, you’re going to discover, cyber criminals are already heading out to wherever it is you’re going.
And just as we spend all kinds of time getting ready to make sure we’re able to relax, cyber criminals are working overtime to do whatever they can to try and use a variety of online scams to leave us stranded.
TODAY is National Road Trip Day. It’s the unofficial start to summer; school’s out and now, the biggest decision we want to have to make (especially if we’re on vacation) is being able to answer the question, “we’re not setting the alarm, right?”, or if we’re headed to the track, “who’s got the tickets?”.
For starters, whether you’ve made your reservations already or, maybe, you did your research when you booked your stay, there are some travel-related scams that the Federal Trade Commission says you’ll want to avoid (or may have noticed) along with some of the “red flags” to look for, including:
- Getting a “free” vacation that you have to pay for.
- Not receiving any specific details about the travel offer.
- Being told that the ONLY way to pay for your vacation rental is by wire transfer, gift card, or cryptocurrency.
- Being pressured to make a quick decision about a vacation package or rental.
- Being wary of deals featuring premium vacation properties advertised for “super cheap” prices.
Of course, just as you’ve packed your bags with an outfit for, seemingly, all of the activities you’re planning to do, you won’t want to leave home without first making sure that you’ve securely packed away your data and tuned up your mobile devices to handle whatever scams a cybercriminal might try to use to get in the way of your good times.
SecurityIntelligence.com offers a just-released article entitled, “Cybersecurity Tips for a Safer Vacation” featuring a complete guide with lots of cyber-safe steps you’ll want to follow before you hit the road, including:
- Using secure passwords, proper password safety and multi-factor authentication (MFA).
- Using a credit card (versus a debit card) when making online purchases.
- Leaving your data at home. Take only the devices you need and leave the rest at home.
- Keeping up with software updates.
- Reviewing and limiting app permissions.
- Disabling automatic connections.
- Protecting yourself from prying eyes. Get yourself a privacy screen for your phone and computer and set up and test virtual private network (VPN) connectivity.
Once you’ve arrived, whether you’re at a hotel, resort, restaurant, or bar, or even the stadium or a racetrack, it’s always a good idea to be aware of your surroundings. This is especially true when you’re using your credit card to make a payment. Keep an eye out for any onlookers or “shoulder surfers”, who’ll try – especially in a crowded place, such as a concession or souvenir stand – to steal your account information, such as a PIN or password.
One other cyber tip to keep in mind, especially if you’re headed to the Indy 500 or any other sporting event: if you need to buy a ticket or even a parking pass, be sure to check out this recent article about the tips to keep in mind for purchasing tickets online from the National Association of Ticket Brokers and the Better Business Bureau, including:
- Purchasing tickets directly from the venue whenever possible
- Not clicking (to make a purchase) from emails or online ads
- Considering your source (professional ticket brokers vs. individual sellers or scammers selling fake tickets)
- Knowing the refund policy
- Using only payment methods that come with protection
- Verifying your tickets at the venue’s ticket office if you’re unsure.
- Reporting a scam to the BBB’s Scam Tracker at: www.BBB.org/ScamTracker and the FTC at: www.ReportFraud.ftc.gov.
Whatever your plans are, following these cybersecurity tips will help in making sure you’re as safe physically as you are online. Visit our Indiana Cyber Hub website at: www.in.gov/cybersecurity/ for more best practices, resources, and tips.
EMS PROFESSIONALS RELY ON CYBERSECURITY IN RISING TO CHALLENGE FOR DELIVERING CARE, SAVING LIVES
Wednesday, May 18, 2022
NATIONAL EMS WEEK - MAY 15-21, 2022
When it comes to describing the critical, lifesaving work performed by EMS (Emergency Medical Service) professionals, there are few better words that define what it is our frontline heroes do than their ability to “rise to the challenge”.
It’s National EMS Week and this year’s theme, “Rising to the Challenge”, is particularly meaningful now, as a reminder to all of us that these dedicated people, every day, face all sorts of challenges. Yet, they reliably answer the call to respond, support, and care for the needs of our communities.
Here in the Hoosier state, our emergency management system includes a dedicated workforce of more than 24,000 EMS professionals; it’s a system that provides emergency medical care to their patients more than 2,000 times per day. In 2021, they completed more than 1.26 million EMS runs and earned 2,539 new certifications, and their work is carried out as part of the more than 800 provider organizations that operate across the state.
A critical component, vital to meeting those challenges, is cybersecurity.
EMS agencies use electronic systems and software for everything from capturing 911 call data, dispatching the ambulance, and recording patient care to collecting clinical data, billing for services, and communicating with one another. At any moment, a single cyber incident can threaten or compromise the CIA Triad, an information security model consisting of three core components – confidentiality, integrity, and availability – that is used as a model to help guide an agency’s security policies and procedures.
The types of cyber incidents that can occur include:
- Phishing email: An attacker uses tricky emails to get users to disclose information, very often their username and password. The attacker then uses the stolen credentials to gain access to the network.
- Malware: An attacker distributes malware as email attachments or links; from the web; from external devices such as USBs, CDs, and DVDs; or it can be manually placed by an attacker that has access to the network.
- Hacking or intrusion: Occurs when an attacker is able to exploit a vulnerability on a computer or computer network to gain access. From this point, the attacker may increase their privileges or may use the compromised computer as a pivot point to move deeper into the network.
- Theft or loss of equipment: When equipment that can store a patient’s health information is lost or stolen, the information it contains is at risk.
- Tailgating, shoulder surfing, baiting: Techniques used as a means to gain access. Tailgating is following people through access-controlled doors or gates to gain access to secured areas. Shoulder surfing is looking over a person’s shoulder to watch a password or PIN being entered during login or to read other information the user is viewing. Baiting is leaving USB, CD or DVD drives in a parking lot where a user will pick them up and put them in a computer, compromising the computer.
In response, EMS professionals receive training designed to keep their patients, as well as the communities they serve, medically safe and secure, while, at the same time, protecting their personal information and delivering the highest quality of care.
To help protect our state’s dedicated EMS providers, cybersecurity is a high priority in Indiana. As the State of Indiana’s Cybersecurity Program Director, we are grateful for their tireless work and, together, with the members of the Indiana Executive Council on Cybersecurity, we are committed to continuing our mission of creating the policies, initiatives, and resources that are critical to maintaining Indiana’s cyber risk profile.
Indiana Gov. Eric Holcomb proclaimed May 15-21, 2022, as EMS Week and all Hoosiers are encouraged to celebrate and honor the work of emergency service personnel throughout the state.
For more information about how these dedicated professionals are “rising to the challenge”, visit the Indiana Department of Homeland Security (IDHS) website and be sure to watch the video tributes and hear their stories. And for the latest cyber resources, best practices, and tips, visit the Indiana Cybersecurity Hub and follow us on Twitter and Facebook.
STAYING SAFE ONLINE NEVER GETS OLD
Wednesday, May 11, 2022
For all the knowledge that younger people possess when it comes to being on social media and using the Internet, people who are 65 years and older are the ones who are catching up quickly and figuring it out.
As we celebrate Older Americans Month, analysis from a Pew Research Center survey conducted in 2021 revealed that the presence on social media among Americans 65 and older grew about fourfold since 2010. And, since that time, the gap between adults under 30 and those 65 and older shrank from 71 percent to 39 percent. Even the use of YouTube (for people ages 65+) jumped from 38 to 49 percent.
It’s encouraging to see the demographics of innovation spread across generations. What’s more, we’re seeing the same kind of “digital” comfort among older people extend to such things as owning a smartphone and other types of mobile devices (i.e. tablet computers). It’s fitting, perhaps, that this year’s theme for Older Americans Month is “Age My Way”, highlighting the many opportunities that older adults can explore as a solution for remaining in and being involved with their communities.
It’s the kind of progress that connects all of us to one another and keeps us together.
Of course, with any sort of advancement that is achieved using technology, because we’re human, we oftentimes make decisions that are rooted in a sense of trust. A good thing.
But, unfortunately, just as we have that neighbor who borrows something from us and is kind of slow in getting it back to us, the world of cybersecurity is filled with bad actors and scammers who are doing everything they can to steal our hard-earned money, our identity, and our personal information. It can be devastating, and this is true for all of us, especially as we get older, regardless of how we might define it.
The good news is, whether you’re looking over your feed on Facebook or paying your bills – there’s a variety of tips and best practices for what is often referred to as good cyber hygiene you can follow to stay safe anytime you are online. The same is true if you are someone who’s caring for someone who’s older (or, in poor health) in dealing with all things digital.
As part of its “Shields Up” campaign, the Cybersecurity and Infrastructure Security Agency (CISA) offers a great deal of helpful information, including four things all of us (regardless of age) can do to stay cyber safe:
- Implement multi-factor authentication on your accounts. A password isn’t enough to keep you safe online. By implementing a second layer of identification, like a confirmation text message or email, a code from an authentication app, a fingerprint or Face ID, or best yet, a FIDO key, you’re giving your bank, email provider, or any other site you’re logging into the confidence that it really is you.
  - Multi-factor authentication can make you 99% less likely to get hacked. So enable multi-factor authentication on your email, social media, online shopping, and financial services accounts.
  - And don’t forget your gaming and streaming entertainment services!
- Update your software. In fact, turn on automatic updates. Bad actors will exploit flaws in the system. Update the operating system on your mobile phones, tablets, and laptops. And update your applications – especially the web browsers – on all your devices too. Leverage automatic updates for all devices, applications, and operating systems.
- Think before you click. More than 90% of successful cyber-attacks start with a phishing email. A phishing scheme is when a link or webpage looks legitimate, but it’s a trick designed by bad actors to have you reveal your passwords, social security number, credit card numbers, or other sensitive information.
  - Once they have that information, they can use it on legitimate sites. And they may try to get you to run malicious software, also known as malware.
  - If it’s a link you don’t recognize, trust your instincts, and think before you click.
- Use strong passwords, and ideally a password manager to generate and store unique passwords. Our world is increasingly digital and increasingly interconnected. So, while we must protect ourselves, it’s going to take all of us to really protect the systems we all rely on.
Additionally, CISA’s “Cybersecurity and Older Americans” fact sheet includes a series of precautions to follow when it comes to medical advice, banking and shopping, as well as:
- Keep your mobile devices in your possession at all times and always be aware of your surroundings.
- If you use social networking sites such as Facebook, Twitter, or LinkedIn, be sure to limit the amount of personal information you post online and use privacy settings to avoid sharing information widely.
- Most businesses or organizations don’t ask for your personal information over email. Beware of any requests to update or confirm your personal information.
- Avoid opening attachments, clicking on links, or responding to email messages from unknown senders or companies that ask for your personal information.
Here in Indiana, cybersecurity is important and the Hoosier State is recognized nationally as one of THE leading states for cyber. Our Indiana Cyber Hub website (if you’re reading this blog – you’re on it) is filled with all kinds of the latest FREE resources, best practices and tips for all Hoosiers, businesses and local government.
Want to learn more about cyber? We invite you to also check out our “Assess Yourself” website page where you’ll find a series of short online quizzes that you can use to see how you measure up.
One thing’s for sure, you’ll discover that you’re never too old to get in on the latest trends!
Cybersecurity: Key to Celebrating Small Business Success
Wednesday, May 4, 2022
When it comes to owning a small business, the issue of just how critical cybersecurity is – in terms of protecting your customers and employees while, at the same time, preserving your bottom line – can be tough to measure.
It’s a balancing act and, at times, it feels like you’re juggling a few chain saws while on roller skates.
And most days, to use a football analogy, all you have to do is pick up a yard and you keep moving forward. Your team is experienced and all you’re doing is filling an order for a longtime customer that you’ve done every week for years. Your ordering systems, including how your customer’s data is handled, operate as they should, and business is good, right?
Except, today, when you lined up to get it done, suddenly, something happened. Someone on your staff opened up an email, clicked on a link, and just like that, a phishing attack has occurred and you’re not in control of your business.
It’s as though you’re that team from the movie, “Little Giants”, and you’re facing off against Spike and the Cowboys. It also helps explain why 43 percent of all data breaches involve small- and medium-sized businesses and fully 61 percent of all small businesses have reported at least one cyberattack during the previous year. It’s certainly not the news anyone wants to hear, but, at the same time, the opportunity and the resources are out there to help small business owners use cybersecurity as a tool for helping them grow and that’s a reason to celebrate.
It's National Small Business Week and this year’s theme is “Building a Better America Through Entrepreneurship”. What better way to celebrate the resiliency and tenacity of business owners, here in Indiana and across the country? For more than 50 years, the U.S. Small Business Administration has recognized the critical contributions of these entrepreneurs to our nation’s economy and the communities in which their businesses are located.
Among the resources that are available is the Business website page of our Indiana Cyber Hub. There you’ll find links to free, easy-to-use, online quizzes – including the Indiana Cybersecurity Scorecard – to help assess your understanding of cybersecurity and provide you with meaningful feedback on what you can do to make your business more secure.
Additionally, the Federal Communications Commission offers 10 Cybersecurity Tips for everything from training employees and creating a firewall to creating a mobile device plan to help protect confidential information. It’s a good idea to:
- Make backup copies of important business data
- Control the physical access employees have to your computers and create user accounts to help reduce the risk of laptops and other mobile devices being lost or stolen
- Require employees to use unique passwords (and update them every three months) and consider implementing multi-factor authentication that requires additional information beyond a password to gain entry to critical systems/data.
To stay informed about some of the more malicious cyber activity that’s out there, be sure to visit the Cybersecurity and Infrastructure Security Agency’s (CISA) Shields Up website.
When it comes to keeping your business cyber safe, most of these best practices and helpful tips can be downloaded safely and installed – at no cost -- as a part of your business.
Should a problem arise, and your business is impacted by a cyber incident, you’ll want to be sure and report it as a way to help you recover. Be sure to visit our “Report A Cyber Incident” page on the Indiana Cyber Hub website. You’ll find everything from the steps on how to contact law enforcement to tips on a variety of cyber threat sharing resources.
After all, you’re not always going to be able to run the “Annexation of Puerto Rico” to get you out of trouble to protect your business (but it’d sure be fun)!
"Cyber" Superheroes: We Need (More) Of You
Thursday, April 28, 2022
When it comes to celebrating someone’s work, we’ve adopted a phrase – the inspiration of which comes straight out of a comic book – and that is, “not all superheroes wear capes”.
Today is National Superhero Day and, in the world of cybersecurity, we appreciate the work that’s being done every day, as well as through the night, by the more than one million people who work in cyber across the country. Here in Indiana, it’s an industry that is growing and accounts for more than 12,000 jobs and some 6,000 job openings.
Together, these “cyber” superheroes play a vital role in our everyday life, through the skills, knowledge and experience they’ve gained to help protect us and keep secure everything from our personal information and our bank accounts to the critical infrastructure that exists within the world we live in (and rely on) – and SO much more.
If you think about it, a superhero, as a comic book character, is someone who uses his or her powers to help the world become a better place and who, oftentimes, is dedicated to protecting the public and fighting crime. Talk about the perfect job description.
Of course, this is perfect timing as many of Indiana’s cyber heroes are meeting tomorrow at the next quarterly meeting of the Indiana Executive Council on Cybersecurity (IECC). This group of heroes has donated millions of dollars in services and hundreds of hours since 2017 to provide cybersecurity resources for those who need it most in Indiana.
Add to that, more of Indiana’s colleges and universities – public and private – are offering cybersecurity as part of their degree programs and thanks to initiatives, such as CyberStart America and events, such as the Flipping Finance Challenge, presented by the Indiana Bond Bank, there are all kinds of opportunities for people to pursue a career in a field that’s in high demand. In fact, it’s estimated, by 2025, there will be more than 3.5 million cyber jobs available worldwide. No doubt, plenty of those jobs will be right here at home in the Hoosier State.
Whether you’re a student in middle school, high school or college, or you’re looking to switch it up and try something new, Technical.ly offers five good reasons to consider a career in cybersecurity, including:
- Cybersecurity jobs are among the fastest-growing career areas nationally, with job openings expected to grow by 31 percent through 2029
- There’s room for people from any kind of career background, including positions and opportunities that include certification and training, but not necessarily a college degree or a technical background.
- There is room for upward potential and career growth
- Endless possibilities for specialization within cybersecurity
- You can enjoy work that’s rewarding
Of course, the one aspect that makes this tough while, at the same time, potentially more rewarding, is the whole reason we need a superhero in the first place, and that’s the bad guys. Or, as they’re often referred to, bad actors or cyber criminals.
Because the frequency and sophistication involved with launching a cyberattack or using a phishing scam continue to increase, that’s where you can make a difference and use your superpowers to help someone safely and securely pay their utility bill or keep someone from hacking into a school or a small business or help to protect a community and keep everyone safe and secure.
For more information about cyber careers in Indiana, visit: www.in.gov/cybersecurity/cyber-careers/ and for the latest FREE resources, best practices, and tips, visit our Indiana Cyber Hub website at: www.in.gov/cybersecurity/.
Creating Cyber Opportunities for Neurodiverse Kids
Monday, April 25, 2022
Of all the things that can happen as a part of our kids’ future there’s almost nothing that can create as much anxiety as preparing them for life after high school.
This is especially true for my youngest boy, who was diagnosed at age five with Asperger's Syndrome, a form of Autism Spectrum Disorder. But even through his social struggles and his very black and white perspective on life, I have seen him flourish with STEM and he has recently shown interest in cyber-related activities.
As a mom with a kid who struggles with seeing himself as ever having a “normal” life, it is encouraging to know there are people like him out there who are leading the way in cybersecurity.
I was reminded about this a few days ago when I found myself reflecting about a recent Wall Street Journal article called “Neurodiverse Candidates Find Niche in Remote Cybersecurity Jobs.” In reading about the success of some amazing people, who are neurodiverse (a relatively new term that includes conditions, such as autism, attention deficit/hyperactivity disorder and dyslexia) and who have taken on the complex world of cybersecurity, I found myself hopeful about his future after high school.
What’s significant about this? People who are neurodivergent possess a skill set that includes traits such as hyperfocus, precision, persistence, along with an ability to identify patterns. And it is exactly these types of skills that are invaluable for assessing cyber risks, analyzing suspicious online activity, and performing a variety of other security jobs – here in Indiana, across the country and around the world.
At a time when it’s estimated there are more than 2.7 million cybersecurity jobs that are unfilled worldwide, as indicated in the article, hiring more neurodiverse candidates could help address the talent shortages that exist within the cyber industry.
As a mom of a neurodiverse son, one of the best sources of information that’s out there is the Employer Assistance and Resource Network on Disability and Inclusion (EARN) Neurodiversity in the Workplace Toolkit. This toolkit explores the “why” and “how” of capitalizing on the neurodivergent talent pool. After all, many neurodivergent people, and their satisfied employers, will tell you that their disabilities are assets that bring benefits to businesses and employees alike. This is a resource I would highly recommend for schools, parents, and employers.
And as you may know, April is Autism Acceptance Month, and what better way to celebrate our differences than by adding to the diversity of our collective workforce by supporting neurodivergent employees while, at the same time, creating opportunities to make our world safer and more cybersecure.
And even though my son will most certainly have a lot of challenges as he moves through the school system and life, it is a bit comforting that cybersecurity is a world he can not only be a part of, but more importantly thrive in. When you think about it, it’s what any parent would want for their kid.
To learn more about cyber careers in the Hoosier State, be sure to visit our Indiana Cyber Hub webpage at: www.in.gov/cybersecurity/cyber-careers.
April Is National Supply Chain Integrity Month - Fortify the Chain!
Monday, April 11, 2022
April is National Supply Chain Integrity Month. CISA in partnership with the Office of the Director of National Intelligence (ODNI) and other government and industry partners is promoting a call to action for a unified effort by organizations across the country to strengthen the information and communications technology (ICT) supply chain.
The 2022 theme is “Fortify The Chain,” referring to the ICT supply chain which powers our national security missions, critical infrastructure sectors, and private industry innovations. Adversaries target the ICT supply chain for this very reason: to gain maximum access to every aspect of our society.
We live in a globalized world, connected by myriad supply chains and complex networks; a world in which the movement of people, goods, and ideas never stops. To stay ahead, every day more businesses are undergoing digital transformations to provide better customer experience, streamline operations, and more. While these changes are positive, they also bring shared security challenges where a risk to one organization can cascade to many.
To help stakeholders in industry and government, NCSC recently posted new supply chain risk management resources at the NCSC supply chain website. In addition to providing helpful information regarding supply chain threats and best practices, it provides links to resources of partner agencies as well.
To help protect America against supply chain threats, NCSC encourages organizations at a minimum to consider the following basic principles to enhance the resilience of their supply chains, including:
- Diversify Supply Chains: A single source of goods or services is a single point of failure. Diversify supply chains to ensure resilience in the event a supplier suffers a compromise, shortages, or other disruptions.
- Mitigate Third-Party Risks: Conduct robust due diligence on suppliers, understand their security practices, and set and enforce minimum standards for them. Incorporate security requirements into third-party contracts and monitor compliance throughout the lifecycle of a product or service.
- Identify and Protect Crown Jewels: Map the location and status of essential assets and prioritize their protection. Monitor systems and network performance to minimize impact of disruptions.
- Ensure Executive-level Commitment: Name a senior executive as owner of supply chain risk and include stakeholders across the enterprise in the risk mitigation program. Communicate across the organization to ensure buy-in and establish training and awareness programs.
- Strengthen Partnerships: Information exchange between government and industry on current threat information and security best practices is paramount.
With CISA’s role as the Nation’s risk reducer, the Agency is committed to working with public and private sector partners to enhance the security and resilience of the ICT supply chain. Throughout April, CISA will promote resources, tools, and information to help organizations and agencies integrate ICT supply chain risk management (SCRM) into their overall security posture. CISA’s themes for each week include:
- Week 1: Power in Partnership – Fortify The Chain!
- Week 2: No Shortages of Threats – Educate to Mitigate
- Week 3: Question, Confirm, and Trust – Be Supplier Smart
- Week 4: Plan for the Future – Anticipate Change
Resources include those developed by the ICT SCRM Task Force, a public-private partnership that embodies the Agency’s collective approach to enhancing supply chain resilience.
Got a Backup Plan? Protect Your Data, Preserve Your Memories
Friday, April 1, 2022
When it comes to cybersecurity, there’s some data we just can’t ignore.
It’s all around us, it’s embedded in the apps we use on our smartphones and it’s in our emails and text messages. It defines who we are; everything from our social security number and date of birth to the information that’s on our driver’s license or identification card (and so much more…).
As we reflect on the month of March and go into April, maybe it’s no coincidence that World Backup Day arrives on the calendar right in front of April Fool’s Day. After all, in the world of cyber, it’s about being prepared with a backup plan for protecting yourself against identity theft or preventing the loss or theft of data that’s critical to a business, school district, or local government.
What’s more, backing up your “data” means preserving your own personal memories, that is, the seemingly endless number of images and videos we’ve captured on our phones, cameras, and other mobile devices, as well as what’s stored on our laptops and desktop computers. Did you know that, by one estimate, 1.7 MB of data was created by every human every second in 2020?
If you want to gain a better understanding about the importance of cyber hygiene – by getting a feel for the types of scams that cybercriminals are using – you’ll want to take a look at IBM’s X-Force Threat Intelligence Index 2022. Sure, it sounds like a recap of an intergalactic battle straight out of an “Avengers” movie, but it provides a lot of good information that’s highlighted in a way that’s helpful and straightforward. Consider:
- For the Brand? Take a look at the list of the 11 most spoofed brands of 2021 -- using a phishing kit -- and then, take a peek at your email inbox. Any of those names look familiar?
- There's nothing like a phone call to say you care. The click rate for the average targeted phishing campaign was 17.8 percent, but targeted phishing campaigns that added phone calls (vishing or voice phishing) were three times more effective, netting a click from 53.2 percent of victims.
The fact is, for all the technology (and common sense) most of us possess, whether we’re at work, home or at school, data breaches can and do happen and systems fail. But, before you decide that all hope, digitally speaking, is lost, celebrate World Backup Day by getting started today (or this weekend, but don’t wait). Here are some tips to get you started:
- PC Magazine’s “A Beginner’s Guide to PC Backup”
- The National Cybersecurity Alliance suggests following a simple, three-step process.
- If you’re a business, be sure to take a look at the CISA guide on data backup options that includes following the 3-2-1 rule.
As with all things cyber, be sure to visit our Indiana Cyber Hub website for the latest FREE cyber resources, best practices, and tips for all Hoosiers, businesses, and local governments. In addition to information for keeping your personal information secure, you’ll also find CISA’s new Shields Up site to help organizations increase their resilience to cyber attacks and protect people and property.
I AM CYBER WOMAN - HEAR ME ROAR
Wednesday, March 23, 2022
Being an adult is hard. Being in cyber is harder. Being a woman is the hardest.
As far as I can remember in my career with the industries of taxes, workforce development, labor, utilities, and now cyber, I have always been in the minority. Whether it was at the beginning of my career when everyone in the room was at least 20 years older than me or for the entirety of my career since I was from Venus (aka woman). In fact, all the industries I have worked most closely with have been made up of at least 75-80 percent of men.
And it is not lost on me that many times in my career I had to deal with the reality that for every great idea, I had to always work twice as hard to prove that my idea was the best in the room, whether it was because of my age or because I was a woman.
I’ve been lucky enough, however, to work with several state leaders and some amazing male allies who are working to empower women in the workplace, especially at the State of Indiana. This includes supporting advocate groups, such as the Government Women in Technology. Founded in 2020, this group is a supportive ecosystem, helping advocate for empowerment, enablement, and elevation, all while mentoring and motivating women to take risks and navigate an impactful career in technology. I’m lucky to be a part of this group and help where I can.
We still have a long way to go in creating equal opportunities for women AND treating them fairly in the workplace, but there are a lot of people and companies who are trying to close the gap with increasing education, creating more opportunities, having the hard conversations, changing the culture, and recognizing those whose work has made Indiana a better place to work and live in.
And statistically, it is getting better. In 2013, Frost & Sullivan observed that women made up 11 percent of the global cybersecurity workforce, and eight years later, that number more than doubled to 24 percent, according to 2021 Research from the Aspen Institute.
As we continue to climb the mountain of bringing more diversity to the workplace and our society, I hear the words of Malala Yousafzai who was an inspiring Pakistani activist for female education and the youngest Nobel Peace Prize recipient: "I raise up my voice - not so I can shout but so that those without a voice can be heard...we cannot succeed when half of us are held back."
BLACK HISTORY MONTH: DIVERSITY IN CYBERSECURITY IS MORE IMPORTANT THAN TECHNOLOGY Part Three – Advice for Getting Involved in the World of Cybersecurity
Friday, February 25, 2022
PERSPECTIVES FROM THE FIELD
The strength of Indiana is that we bring together a variety of perspectives from the plethora of areas that touch the field of cyber, especially through the Indiana Executive Council on Cybersecurity (IECC). Hence the name "Perspectives From the Field Series" in which we invite experts to discuss the real and challenging issues we are facing in the field and the proposed solutions from the experts to better the lives and businesses of all Hoosiers.
In the latest installment of our series, Raymond Kirk shares his perspective on the importance of diversity in the world of cybersecurity. Today’s blog is the third in a three-part blog series in celebration of Black History Month – featuring a series of questions by The State of Security -- and focuses on the abundance of opportunities in cybersecurity and advice for people looking to join the industry.
By Raymond Kirk
Question 3: Can you recommend any communities that people looking to join the industry, or those looking to grow their networks, should look to be involved in? Where can they find new opportunities to learn and grow?
Raymond Kirk, Raymond_The_PM
One of my favorite communities I always recommend to young adults is yearup.org. They have a phenomenal workforce development program that includes several tracks into the IT and cybersecurity field.
Outside of that, I would look at meetup.com for local IT/cyber security events to network and even General Assembly for training and events.
Emanuel Ghebreyesus, etg71
The same as what I said before. Care first and be a human being that refuses to judge at sight but who wants to understand and get involved.
Fareedah Shaheed, @CyberFareedah
The most helpful opportunities to learn and grow come from meeting new people. And these people may turn out to be mentors or job opportunities.
I would also start to be active on Twitter and LinkedIn. Start having conversations with people from the industry. This will lead you into the communities and opportunities you want.
The International Consortium of Minority Cybersecurity Professionals is a great community for those looking to grow their networks and join the industry. However, I would also highly suggest ISACA, SANS, OWASP and local B-Sides communities.
There is no one right answer, and in fact, digital communities have been thriving during the pandemic. I would look into the Slack and Discord communities that align with your technology and security interests.
Ambler T. Jackson, LinkedIn
Both Women in Security and Privacy (WISP) and the International Association of Privacy Professionals (IAPP) are great organizations for people to join and to tap into a network of like-minded individuals.
I belong to both, and I enjoy utilizing their resources and network as I continue to learn and grow in my career.
BLACK HISTORY MONTH: DIVERSITY IN CYBERSECURITY IS MORE IMPORTANT THAN TECHNOLOGY Part Two – How to Become a Better Ally
Wednesday, February 23, 2022
In the latest installment of our series, Raymond Kirk shares his perspective on the importance of diversity in the world of cybersecurity. Today’s blog is the second in a three-part blog series in celebration of Black History Month – featuring a series of questions by The State of Security -- and focuses on the significance of becoming a better ally.
By Raymond Kirk
Question 2: The importance of Black History Month should be driven by everyone. For those potential allies that want to do more, but might not know where to start, what advice would you share? How can they help improve awareness, inclusion, and opportunities?
Raymond Kirk, Raymond_The_PM
Being an ally means truly understanding that Black Lives Matter, being brave enough to articulate that and look for ways to be a part of the solution against racism and inequality. African Americans have been oppressed for hundreds of years. I think it’s important to understand that not all Americans get the same starting line on their path to success; decision makers will need to reach earlier in the pipeline to groom and attract diverse talent in the infosec community.
Emanuel Ghebreyesus, etg71
The advice is very simple but complex. It is also impossible for anyone to say they can’t find information about this elsewhere. Anyone who has the wish and states they can’t find information on this is in denial and purposefully avoiding this internally.
Without the below, nothing can start.
- Care enough to make a difference as well as take action to follow what history has wrongly taught and how you may have been raised.
- Don’t look at anyone based on color, gender, race, or age.
- Everyone is unique, so don’t try to put them into a category you have created in your mind.
- Practice respect, humanity, generosity, understanding and pure desire to treat everyone as a human being first.
- Google “Black Lives Matter” and look at: https://www.livescience.com/difference-between-race-ethnicity.html, Cultural Diversity, Difference Between Culture and Society, 10 Ways to Be a Better Human Being, Diversity and inclusion strategy 2019 to 2023, Useful organisations for diversity and inclusion, to name a few.
Fareedah Shaheed, @CyberFareedah
I would say to find a way to make a positive impact in the life of someone who doesn’t look like you. This positive impact can come in many forms:
- Recommending them as speakers.
- Sharing job opportunities.
- Sharing resources.
- Endorsing them.
- Giving them a testimonial.
- Introducing them to your network.
- Supporting their work and/or initiatives.
- Asking them what support they need and then following through.
And one of the best things allies can do is working on themselves internally by reading books, watching documentaries, and having meaningful conversations with themselves and friends on self-awareness and change.
Gabriel Gumbs, @GabrielGumbs
Black History Month is larger than the community which it derives its name from. Civil rights are human rights. The reflection of the contributions made by African Americans throughout history in every aspect of daily life in the face of inequality should be driven by all because it is a universal story of struggle.
For those that may not know where to start, but desire championing Black History Month, I would suggest they begin by exploring the lived experiences of others and looking for opportunities to understand those experiences when compared to their own lived experiences. That happens through conversation; it happens through genuine interactions fueled by curiosity.
Ambler T. Jackson, LinkedIn
For allies who want to do more to improve awareness, inclusion, and opportunities in the infosec community, I suggest being comfortable with providing feedback to those who may need a gentle push in the right direction and to share information and opportunities broadly! Post it on social media, share it at work, share it with your local public library and share it with your book club members. You never know how sharing information and opportunities both inside and outside of your network could change the trajectory of an individual’s career.
In part three of our special three-part blog series celebrating Black History Month on Friday, Feb. 25th, Raymond Kirk discusses the topic of receiving “Advice for Getting Involved” and joining the Cybersecurity Industry.
BLACK HISTORY MONTH: DIVERSITY IN CYBERSECURITY IS MORE IMPORTANT THAN TECHNOLOGY
Monday, February 21, 2022
PERSPECTIVES FROM THE FIELD
The strength of Indiana is that we bring together a variety of perspectives from the plethora of areas that touch the field of cyber, especially through the Indiana Executive Council on Cybersecurity (IECC). Hence the name "Perspectives From the Field Series" in which we invite experts to discuss the real and challenging issues we are facing in the field and the proposed solutions from the experts to better the lives and businesses of all Hoosiers. In the latest installment of our series, Raymond Kirk shares his perspective on the importance of diversity in the world of cybersecurity. This week’s blog is the first in a three-part blog series in celebration of Black History Month.
By Raymond Kirk
Each February, the United States, Canada, the United Kingdom, and other countries observe Black History Month. It’s a month-long celebration of the generations of black people who have elevated society by the way in which they’ve lived their lives. It’s also an opportunity for us to recognize that there’s still plenty of work to do in the name of promoting diversity and inclusion.
This moment reaches into every sector—including cybersecurity. Indeed, (ISC)2 found that minority representation in the cybersecurity profession was just 26%. Fewer than a quarter (23%) of those individuals held leadership positions in their places of work. That’s despite the fact that 62% of minorities in cybersecurity held a master’s degree or higher, (ISC)2 learned.
Camille Stewart, Google’s head of security policy for Google Play and Android, explained that such a lack of minority representation—especially in leadership positions—ultimately holds back the cybersecurity industry. She used the example of a critical infrastructure company to demonstrate this reality to Dark Reading:
If you are contemplating how to build resilient systems internally that will then affect a diverse consumer base – your critical infrastructure, whether it’s water or electricity – how that [then] affects the daily lives of people who live in predominantly white suburbia versus a black suburban area, versus an inner city with a diverse array of socioeconomic folks, [these] things will be different: The city’s ability to respond. The city’s ability to mobilize around whatever your mitigation is. The impact it will have on how the children in the home are able to connect to school. The ability for the family to have a generator to back them up should the electricity go out. The ability to combat food insecurity if you’ve lost water, or electricity, etc. All of those things change based on things like race and socioeconomic status. And if your mitigations don’t contemplate for the diversity of your consumer base, you have a problem.
Clearly, diversity is instrumental in creating a more secure world. But that raises an important question: how do we foster diversity in cybersecurity?
The State of Security reached out to me along with several other cybersecurity experts to ask us about our experiences in the industry. Together, our responses provide a roadmap with which we can honor Black History Month and make the cybersecurity industry a more inclusive place for all.
On the Importance of Mentors
Question 1: Mentorship is extremely important in the world of cybersecurity. During your career, who has helped open doors for you? Who has had a positive impact on your life and how?
Raymond Kirk, @Raymond_The_PM
When it comes to mentors and positive impacts, I believe it’s important to have these interactions early in life.
For me, I’ve been fortunate enough to have an extremely talented and impactful mentor from the time I was in high school: Charlton Hudnell, an economics and social studies teacher at the time, who had a way of encouraging me and my peers to strive to be positive members of society, understand the landscape which we would need to navigate and learn the importance of leadership through service.
These values have translated directly into my professional career. In practice, this meant doing work you can be proud of, staying hungry to excel, knowing your value and giving back. I trace all my success back to Charlton Hudnell and the potential he saw in me as a young man.
There is also De Cranford, a Program Director/Guru whom I admire. She has truly shown me how to take large organizational and life challenges and then break them down and execute! She is restless in holding me accountable for my continuous improvement both personally and professionally.
Then there’s Danyell Johnson, my former manager during my Technical Consultant role at Hewlett Packard. He was a great mentor; he encouraged me to get as much training and knowledge about as many products and technologies as I could get my head around. He saw potential in me that created the space and time for professional development from data center experiences to pursuing my path to a PM.
Finally, I had the pleasure of working with Roderick Thornton, a project manager, during our time implementing one of the largest global implementations of Salesforce that had ever been done at the time. He showed me how to communicate and gain executive buy-in, manage multiple stakeholders and deadlines, and make it all look easy.
Emanuel Ghebreyesus, @etg71
I think mentoring is more than just the work you do in your cyber security job/world. What you do in your work is defined by who you are as a person, how you have gotten there, what drives you to excel, your principles, your work ethics, your ambitions, what self-challenges you take on to enhance your ability get you committed to a cause, what you are trying to achieve and for what or whom you are driving yourself.
With this in mind, I would like to honor a few mentors:
- My father and father-in-law are and will always be my greatest mentors. It would be impossible to cover all I have learnt, continue to learn and their achievements here, as I would need to write a book each for them; however, I have included a summary below.
My father and father-in-law are both entrepreneurs with extensive experiences, who have taught me the world of business and how to be a successful businessperson by always knowing what you are talking about, always being prepared, being flexible to adapt to any situation and dare to dream the impossible. My father’s commitment to progress, to his family and to self-sacrifice to pay for and provide me with the education I had in UK boarding schools and tutorial colleges was something very few Eritreans have ever achieved. Please note that in the 1980s the average earning for Eritreans was ~£75/month.
It is not often, where you would find a family as complicated and/or as diverse as mine. Out of the 19 siblings my wife and I have, only the two youngest are not married or in a long relationship. We are a diverse family because we are married to and have children with people from multiple backgrounds (Eritrean, Ethiopian, Caucasian English, Black American, Moroccan, Caribbean, Mexican, Canarian, Spanish, Venezuelan, Kenyan, and French), who are accepted and are equal. Our children speak 12 languages between them.
- VPs and Directors (Richard Parkinson, James Stirk, Mike Dalton, and Ross Allen), who had different impacts on me.
Richard and Mike saw the potential I had coming from an IBM background, when I first started in cyber security at Network Associates. They continued to drive me to keep getting trained on the solutions and kept providing me with bespoke spiff incentives ($5K-10K/month). They committed to me, and I gave my word to never let them down when they needed me to bring in more business when they needed it most.
Ross Allen (aka “The Bull” and “Rossweiler”): built like a wall and scary as hell, but who drove me to excel with his carrot and stick approach.
James Stirk: He ran the government team at Oracle for over 20 years before he joined Intel Security/McAfee at the same time as my second term. He knew everything about government business and drove me to learn something that I didn’t know about the UK Government. He recommended people to be my mentors, but I didn’t want anyone else because no one else knew more than he did.
Paul Rutland: My SE at McAfee, who took time to train me personally and continuously on all things that had to do with firewalls, IPS and IDS systems. These became my main business generators during my time at Intel Security/McAfee. I drove the business from $200K to $4.5 million a year.
Fareedah Shaheed, @CyberFareedah
I would not be where I am today without mentorship and coaching along the way. A couple of people that have been pivotal in my journey are Dr. Jessica Barker, Jane Frankland, Crystal Ro and Aprille Franks. There have been so many others; if I forget to name them, please charge that to my mind and not my heart. Each one of these people has opened countless doors for me and given me phenomenal advice for my life and career. Every single achievement the public sees can be traced back to my mentors’ and coaches’ continuous support.
Gabriel Gumbs, @GabrielGumbs
There is no shortage of people who have opened doors for me in this industry and throughout my career. A couple of those examples have been in unexpected ways, however. If I have to mention any one of them by name, it would be the person who hired me for my very first infosec job: Richard Shuemaker.
I had a very strong interest in security and had been involved in the local security community in New York City, however at the time I was a network engineer. Richard took a chance on a scrappy propeller head and helped me navigate not only the bits and bytes of the professional security world but also the business side. He was my first mentor; we became friends over the years, and since then, I have always felt a calling for paying it forward.
Ambler T. Jackson, LinkedIn
Mentors are key to success in any field, and they may be official mentors or unofficial mentors. My professional journey has allowed me to work with several unofficial mentors, both men and women, who have helped open doors for me and shape my career in cybersecurity. I’ve been fortunate to work with people at various levels of management and leadership who believed in me, provided growth opportunities, and gave sound guidance and invaluable feedback based on their own unique and diverse experiences in the field.
The feedback that I received always helped me plan the next step for my career path. My peers and colleagues have also served as mentors by sharing relevant information and opportunities with me and encouraging me along the way.
Jihana Barrett, @iamjihana
I can honestly say that different people have poured into my success in this industry. I did not have any direct, streamlined mentorship. When it was time to study for a certification, I sought help from a particular group or individual when I needed to hone my knowledge and my skillset. When I needed more confidence, I turned to another group for leadership, and I guess guidance in that way.
So, it was not one particular person, but there has been guidance and mentorship throughout this entire process because there was no way it wasn’t going to happen.
Also, I think another reason why I didn’t have streamlined mentorship was because I didn’t see anyone that was my gender or my ethnicity doing what I was doing. They were engineers, or they did something else, but they didn’t specifically do cybersecurity.
And I remember at one point in my career really seeking that out. And then I realized I just had to create it for myself and then take up that charge, take on that charge to do it for the next generation.
So, that’s why I do career days at my high school. And when people want to talk about how to get into the industry, I offer a consultation on that because I know what it felt like to not feel like there was anyone doing what I wanted to do or anyone to ask those questions from. Because of that, my life and how it’s impacted me has just been phenomenal.
Honestly, I know that cybersecurity is my calling, and it’s what my purpose is in. How I present it and package it to others is how I have the most positive impact.
In part two of our special three-part blog series celebrating Black History Month - on Wednesday, Feb. 22nd, Raymond Kirk discusses the question of “How to Become a Better Ally”.
Tax Identity Theft Awareness Week: "Big Game" Strategy for Tackling Cybercriminals
Monday, January 31, 2022
By Chetrice Mosley-Romero
As the Cincinnati Bengals and the Los Angeles Rams prepare for the “big game” (and the rest of us prepare for the halftime show and the commercials), cybercriminals are already out there, using their playbook to try and “win it all” – when it comes to using your tax returns to steal your identity and your money.
Fortunately, because there’s a lot of value in being prepared and because “the best defense is a good offense”, there are a lot of free online resources out there to help you.
Beginning today through Friday, Feb. 4th, it’s National Tax Identity Awareness Week. Launched by the Federal Trade Commission (FTC) as a way to help consumers and business owners stay safe, it includes a variety of best practices and helpful tips for everything from filing your taxes to making sure that, if you are due a refund, you receive it.
The IRS and the Indiana Department of Revenue (DOR) often see four types of cybercrimes directed at taxpayers, including:
- IRS-Impersonation phone scams
- Marked increase in phishing, email, and malware schemes
- Fraudulent tax returns
- Tax preparer fraud
To keep your personal information and your tax documents secure, be sure to follow a few simple tips:
- Store your personal information in a secure location;
- Make sure you’re entering your personal information on a protected website;
- Choose a trustworthy tax preparer;
- Do not carry your social security card with you;
- Shred any documents with personal information on them if they are not needed;
- Make sure you have firewalls, anti-spam/virus software and updated security patches on your computer;
- Change your passwords regularly for internet accounts; and,
- Do not give out personal information over the phone, through the mail or on the internet unless you know for sure who you are dealing with.
To learn more, check out DOR’s Stop ID Theft website and, if you’re the victim of identity theft, visit the Indiana Cybersecurity Hub website and the Report A Cyber Crime page for information on the steps you can take to report the incident and the state and federal resources that are available to help make sure that it’s the cybercriminals who wind up taking the loss.
Data Privacy: It's Personal (and that's a good thing)
Friday, January 28, 2022
Of all the things we might say are important to us, maintaining our privacy would be one of them. After all, our privacy, however we might define it, is personal.
And, just as the information in our DNA is the ‘chemistry’ that makes us unique from one another, so, too, is our data (often referred to as our “PII” – personal identifying information).
When you put it all together, data privacy is the “something” that a lot of us are taking personally these days and it’s fitting that today is Data Privacy Day; a “holiday” that reminds us just how important it is to respect each other's privacy, safeguard one's data, and enable trust.
It’s an ideal time, too, for all of us to build on our knowledge and gain a greater understanding and appreciation for the importance of online privacy and learn more about managing our personal information and keeping it secure. As part of the celebration, businesses are encouraged to respect data and continue to be more transparent about how they collect and use customer data.
- 86 percent of the respondents said they feel a growing concern about data privacy;
- 78 percent expressed fears about the amount of data collected;
- 40 percent of the consumers surveyed don’t trust companies to use the data ethically, and;
- 13 percent don’t trust their own employers.
Add to that, cybercriminals often use phishing emails and text messages – targeted at both consumers and businesses – to try and steal personal data and cause other disruptions to people’s lives and to the bottom line of businesses.
Fortunately, there are a lot of easy-to-follow steps we can take, as part of our everyday routine, to stay safe online and there are resources available to help you. You can even manage your privacy settings, thanks to some helpful links from the National Cybersecurity Alliance, for everything from your Amazon account and your favorite music app to social media and more.
The FTC also offers a series of helpful tips for keeping your personal data protected, including:
- Locking your financial documents and records in a safe place at home.
- Limiting what you carry. When going out, take only your ID, along with the credit or debit cards you need. Leave your Social Security card at home.
- Making sure, before you share any personal information at work, a business, your child's school and/or a doctor's office, to ask why they need it, how they will safeguard it, and to discuss with them any consequences of not sharing it.
- Shredding any important documents (i.e. receipts, credit offers or credit applications, medical/insurance forms, as well as any bank/financial statements or expired credit cards) that you no longer need or use.
For more information about how to keep your personal information secure, Hoosiers are invited to visit the Indiana Cybersecurity Hub. Also, you can follow us on Twitter, or visit our Facebook page for the latest tips and other helpful links and resources.
Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats
Monday, January 24, 2022
Every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety. Over the past year, cyber incidents have impacted many companies, non-profits, and other organizations, large and small, across multiple sectors of the economy.
Most recently, public and private entities in Ukraine have suffered a series of malicious cyber incidents, including website defacement and private sector reports of potentially destructive malware on their systems that could result in severe harm to critical functions. The identification of destructive malware is particularly alarming given that similar malware has been deployed in the past – e.g., NotPetya and WannaCry ransomware – to cause significant, widespread damage to critical infrastructure.
This CISA Insights is intended to ensure that senior leaders at every organization in the United States are aware of critical cyber risks and take urgent, near-term steps to reduce the likelihood and impact of a potentially damaging compromise. All organizations, regardless of sector or size, should immediately implement the steps outlined, including:
Reduce the likelihood of a damaging cyber intrusion
- Validate that all remote access to the organization’s network and privileged or administrative access requires multi-factor authentication.
- Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA.
- Confirm that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes.
- If the organization is using cloud services, ensure that IT personnel have reviewed and implemented strong controls outlined in CISA's guidance.
- Sign up for CISA's free cyber hygiene services, including vulnerability scanning, to help reduce exposure to threats.
Take steps to quickly detect a potential intrusion
- Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Enable logging in order to better investigate issues or events.
- Confirm that the organization's entire network is protected by antivirus/antimalware software and that signatures in these tools are updated.
- If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic.
Ensure that the organization is prepared to respond if an intrusion occurs
- Designate a crisis-response team with main points of contact for a suspected cybersecurity incident and roles/responsibilities within the organization, including technology, communications, legal and business continuity.
- Assure availability of key personnel; identify means to provide surge support for responding to an incident.
- Conduct a tabletop exercise to ensure that all participants understand their roles during an incident.
Maximize the organization's resilience to a destructive cyber incident
- Test backup procedures to ensure that critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyberattack; ensure that backups are isolated from network connections.
- If using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.
By implementing the steps above, all organizations can make near-term progress toward improving cybersecurity and resilience. In addition, while recent cyber incidents have not been attributed to specific actors, CISA urges cybersecurity/IT personnel at every organization to review Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure. CISA also recommends organizations visit StopRansomware.gov, a centralized, whole-of-government webpage providing ransomware resources and alerts.
As the nation’s cyber defense agency, CISA is available to help organizations improve cybersecurity and resilience, including through cybersecurity experts assigned across the country. In the event of a cyber incident, CISA is able to offer assistance to victim organizations and use information from incident reports to protect other possible victims.
CyberStart America Challenge: Perfect Opportunity for High School Students to Explore Learning, Career Possibilities in Cyber
Thursday, January 20, 2022
Here in Indiana and around the world, cybersecurity – as a career path – is advancing at a clip that might not measure out at the speed of light, but there’s never been a time when the opportunities have been more abundant.
According to ISC2.org there are approximately 2.93 million cybersecurity positions open around the globe. And, now, thanks to the CyberStart America challenge, Indiana high school students again have an opportunity to participate and compete in a cybersecurity skills-based game competition and, in doing so, gain an understanding of the many educational and career opportunities that are out there in an ever-widening range of cyber fields.
At the same time, the challenge centers on a fun and thought-provoking game to inspire young men and women to test their aptitude in cyber skills.
Whether you’re a high school student thinking about a career in cyber or you know a student, who could benefit from the experience of participating in an activity that could provide the foundation and lead to a decision to pursue a lucrative and fulfilling career, now’s the time to register.
Organized by the Indiana Department of Homeland Security (IDHS), registration for participating in the 2022 CyberStart America challenge is open through April 26, 2022.
High school students in grades 9-12 can participate for free, either as individuals or as part of a school-based team. Participants will take on the roles of agents in the Cyber Protection Agency, where they will develop forensic and analytical skills and deploy them to sleuth through challenges and tackle various online cybercriminal challenges.
As those who work in our schools, together with parents, guardians, and family members, you have a profound impact on the youth in our state and can play an important role in CyberStart America by encouraging young men and women to participate. To date, more than 600 students and 63 schools in Indiana have registered for this year’s competition.
Of course, it’s fair to ask why someone might pursue an opportunity to learn more and/or follow a cyber-focused career path. There are 4 good reasons to consider, including:
- Practically unlimited growth potential – both with your career and within the companies and/or industries in which you’ll work.
- Plenty of variety, in terms of the situations and experiences you’ll encounter and the skills you’ll acquire as a part of your job.
- The ability to solve puzzles; for some of it, you’ll rely on best practices; in other instances, the tactics can (and, sometimes, will) change day-to-day.
- Cybersecurity jobs have a real impact that extends beyond the digital world and extends to the physical world, in which we live, work and play.
With your help, we can inspire even more young men and women to learn about cybersecurity and the many benefits of learning more about this growing field. Participating students do not need prior cybersecurity knowledge or IT experience. All that is required is a computer and an Internet connection.
Interested students can find out more information and register for CyberStart America at cyberstartamerica.org. If your organization has any questions or would like more information about the challenge, please contact the IDHS Office of Public Affairs at email@example.com.
National Technology Day - Celebrating All Things Cyber
Thursday, January 6, 2022
In the world of cybersecurity, being an optimist is, sometimes, a bit of a challenge.
That’s part of the reality, you might say, that comes with the fact that a cyberattack occurs every 39 seconds.
Yet, with the start of a New Year, it’s a great opportunity to ask ourselves questions about how we can do even the little things better and the huge difference that it can make in our everyday lives.
It’s with that kind of optimism, today, we celebrate National Technology Day!
Established in 2016, National Technology Day recognizes the way technology changes our world, and it honors the achievements, made through time, that have helped all of us.
Because of that, there are lots of opportunities to celebrate our cyber technology successes and it starts, simply, by our continuing to follow the recommended best practices, as suggested by CISA (U.S. Cybersecurity and Infrastructure Security Agency). What’s more, these things are easy to do and make your life easier, including:
- Keep your software up to date
- Run up-to-date antivirus software
- Use strong passwords
- Change default usernames and passwords
- Implement multi-factor authentication (MFA)
- Install a firewall
In doing so, we provide ourselves – at home, at work or at school – with a greater measure of protection from being the victim of a cyber criminal or having our identity and/or our money stolen as a result of a cyber incident or data breach.
After all, we use products that are designed and manufactured using the latest technologies. In turn, these advancements enable us to do everything from keeping us organized while using our smartphones to monitoring the control systems in our vehicles that we rely on to safely drive down the road to work or take our kids to school.
And just as technology connects us and keeps us safe and healthy through the products we use, cybersecurity refers to the "...body of technologies, processes, and practices designed to protect networks, devices, and programs, as well as our personal and financial data from an attack, damage or unauthorized access."
All in all, it's why we use technology to protect ourselves and experience a peace of mind that comes from knowing that we are safe and secure.
For lots of other helpful tips and resources and how you can use cyber at home, at work, or at school, visit our State of Indiana Cybersecurity Hub Page and be sure to follow us on social media on Twitter and Facebook.
Let's Create New Year's Expectations
Tuesday, January 4, 2022
In the movie, “Hoosiers”, there’s a scene where Coach Norman Dale asks if anyone from the fictional Hickory High School basketball team has anything to say, just before they take the floor for the championship game, and one of the players, Merle Webb says, “Let’s win this game for all the small schools that never had a chance to get here”.
And if you’re wondering what in the name of the picket fence does this quote have to do with cybersecurity, allow me to explain.
It’s always right around this time of year, most of us create our list of New Year’s resolutions. It’s a mostly frustrating (albeit sometimes entertaining) task that we struggle with annually.
As it regards at least a couple of items, one of two things happens – we don’t anticipate what might go wrong and we give up on ourselves – sometimes before the game even starts. Or we satisfy ourselves by checking the box with an outcome that makes us “feel good” but doesn’t come close to the type of effort that we know it takes for really being able to put it in the win column.
With that in mind, for 2022, maybe instead of resolutions, we put together a list of our New Year’s Expectations!
What’s the difference?
In the world of cybersecurity, there’s a lot of us out there – as individuals (of all ages), business owners and, even, local government officials. And, realistically, let’s start with the premise that there’s not always enough resources, financial or otherwise, to help achieve all of our goals. That’s OK.
Whereas, with expectations, it’s something we can proactively manage along the way and make genuine progress that’s as meaningful as it is measurable, and it helps us stay on track and keep moving forward.
With our families, when it comes to being online, there’s always a lot going on. There’s work (and homework) being done at home and everyone’s on their phone or mobile device, doing everything from a little bit of shopping to checking on their social media accounts. Being safe is important and here’s five tips for having an effective conversation with your family about cybersecurity.
If you’re a business, following some of the top trends is a way to create a greater level of cyber awareness and education with your employees and customers. Recently, the National Cybersecurity Alliance (NCSA) identified the top three trends worth watching in 2022. It’s information you can use to create expectations that’ll help your organization grow and succeed.
You’ll notice, too, I mentioned local government. When you think about it, there are all kinds of services that come through your city, town or county that have an impact on our lives every day. And the people – some of whom live next door or down the street – in those departments are hard at work trying to meet your New Year’s expectations.
Whether you’re an emergency manager, working in the clerk’s office or overseeing the local water utility, there’s things you can put on your cybersecurity “to do” list, such as the Indiana Cybersecurity Scorecard (it’s FREE to download and use) to help measure your organization’s cyber preparedness, and there’s a wide range of resources available from the Cybersecurity and Infrastructure Security Agency (CISA); all in an effort to help you stay safe and meet expectations.
Now that you’ve got a few more ideas on ringing in the New Year, let's go!
CYBERSECURITY, PICASSO: A GREAT ‘BACKSTORY’ OF HOW TO ACHIEVE SUCCESS FROM CHAOS
Thursday, December 16, 2021
As with a lot of things, be it a news story or something we hear about someone’s life, we discover a great backstory that ties it all together in a way that makes for an ending or an outcome that’s as unexpected as it is thought provoking.
That’s something I discovered recently as we completed the 2021 Indiana Cybersecurity Strategic Plan.
Late in his legendary life, Pablo Picasso was quoted as saying, “Our goals can only be reached through a vehicle of a plan, in which we must fervently believe, and upon which we must vigorously act. There is no other route to success.”
While it's not clear what, specifically, Picasso was referring to, it does suggest that for a man -- some of whose most famous works of art have been admired for decades for their chaotic design -- that his brilliance was reflected not only by what he created, but the vivid understanding he possessed about the necessity of having a plan as an absolute requirement for achieving success.
By contrast, the world of cybersecurity is highly complex, and yet it is cluttered with information, misinformation, and disinformation. In a word, it’s chaotic.
And, not unlike Picasso and his ability to harness some of that chaos and turn it into creativity, the necessity of having a strategic plan to achieve success – some of which is created out of chaos – is at the heart of why Indiana’s strategic approach for cybersecurity is producing results and why the Hoosier state is rapidly emerging as a leader among all states.
The 2021 Indiana Cybersecurity Strategic Plan encompasses not only the breadth of cyber as a topic, but its depth as well. It is organized into three sections:
- Part One defines the strategic framework, in which the Indiana Executive Council on Cybersecurity (IECC or Council) was created and built and how it all came together, starting with the Executive Order signed by Governor Eric Holcomb in 2017.
- Part Two features an executive summary of the implementation plans developed by members of the Council’s 15 committees and working groups and its 2021 recommendations.
- Entitled “Real People, Real Work”, Part Three highlights the Council’s four-step progress, in real terms, that accounts for the fact that 78 percent of the 69 deliverables and 77 percent of the 120 objectives were completed by the Council over a three-year period.
- It also outlines the IECC’s best practices, including a reference to the State of Cyber Report (2017-2021) -- also a great read if you’re looking to learn more about how cyber is happening throughout the state -- and there’s also a stated commitment for the IECC moving forward.
As the State of Indiana’s Cybersecurity Program Director, I am proud of the work of the Governor’s Executive Council on Cybersecurity, especially when you consider that the IECC is the first-of-its-kind organization in the country and our structure is already being used by other states as a blueprint for how cyber can operate as a part of state government, just as it does now to help protect all Hoosiers, businesses, and local government, including our schools and military.
Most of all, the opportunity to lead the day-to-day management of the Council is special. It offers the ability to experience such a high level of collaboration with and among our more than 250 advisory members – all of whom are senior level executives and subject matter experts from the public and private sector – and with our 35 voting members, whose leadership is valued in helping to guide the implementation of the deliverables and objectives that have been completed, as well as the 68 deliverables and 134 objectives that define what we expect to accomplish in the years to come.
As the legendary radio broadcaster Paul Harvey, known for sharing backstories, seemingly, from every corner of our world, would've said just before signing off the air, “Now you know, the rest of the story” of how Picasso showed up in Indiana's cybersecurity strategic plan.
* * *
And, to learn more about everything Indiana is doing with cyber, we invite you to visit our Cyber Hub website, read and sign up for our blog, check out our “Days of Our Cyber Lives” podcast series, and be sure to follow us on Twitter and visit our Facebook page!
‘Higher’ Computer Science Education: Key Factor in Indiana’s Success in Cyber
Thursday, December 9, 2021
As the Cybersecurity Program Director for the State of Indiana, I’ve been fortunate to have a front row seat – over the past four years – to experience first-hand the progress that’s been achieved throughout the Hoosier State with all things cyber.
As we celebrate Computer Science Education Week, it’s fitting that I had the pleasure recently to attend the opening of the new Cyber Security Operations Center and Awareness Lab, located at Ivy Tech Community College’s campus in Valparaiso.
Funded entirely with donations, the lab will offer training to high school students interested in a career in cybersecurity, college students enrolled in the school’s cybersecurity degree program, as well as police officers and other law enforcement officials working on cybercrimes. What’s more, thanks to the installation of a proprietary cyber range software program and a curriculum that was created by Ivy Tech professors, the students will have the opportunity to run through cybersecurity scenarios in real time.
Having a proven, strategic, statewide approach for cybersecurity in place comes at an especially critical time. As of 2021, there is a ransomware attack every 11 seconds; that’s up from 39 seconds in 2019.
To help in taking on these challenges, there are a variety of cybersecurity degree programs and success being achieved at other Indiana colleges and universities, including:
- Anderson University – Center for Security Studies and Cyber Defense, established through a $1 million Lilly Endowment Grant.
- Indiana University – CyberCorps Program, designed to recruit and train the next generation of cyber professionals to meet the needs of federal, state, local and tribal governments.
- Indiana Tech – State-of-the-Art learning environment for its cybersecurity students which will include a security operations center, a digital forensics lab and an interactive data center. The center is expected to be completed in time for the 2021-22 academic year.
- Purdue University – Launched in August, the NSA awarded a $2 million cybersecurity innovation grant to cyberTAP to conduct onsite assessment projects for Indiana’s local governments and K-12 school districts.
- WGU-Indiana – Designated as a National Center of Academic Excellence in Cyber Defense through the 2026 academic year.
- Vincennes University – Cybersecurity Center for providing students with access to networking, cybersecurity, information security and information assurance resources; students are given hands-on access to hardware and software while running a fully functional Security Operational Center (SOC).
Nationally, Indiana is at the forefront for cybersecurity among all other states because of the work that’s been completed by the Indiana Executive Council on Cybersecurity and all our amazing partners in academia, military, and the private and public sector.
For more information about these programs and all things cyber, we invite you to look at our recently-released State of Cyber Report (2017-2021) and for what’s ahead in the 2021 Indiana Cybersecurity Strategic Plan.
This week, as we celebrate the value of what is being accomplished in the classroom, both in terms of cybersecurity and computer science, we invite you to visit our Indiana Cybersecurity Hub website for the latest best practices, tips, and resources to help you, your family and co-workers stay safe whenever you’re online.
CISA, FBI Remind Critical Infrastructure to Maintain Strong Cyber Posture During Holiday Season
Monday, November 22, 2021
As Americans prepare to hit the highways and airports this Thanksgiving holiday, CISA and the Federal Bureau of Investigation (FBI) are reminding critical infrastructure partners that malicious cyber actors aren’t making the same holiday plans as you. Recent history tells us that this could be a time when these persistent cyber actors halfway across the world are looking for ways—big and small—to disrupt the critical networks and systems belonging to organizations, businesses, and critical infrastructure.
There are actions that executives, leaders, and workers in any organization can take proactively to protect themselves against cyberattacks, including possible ransomware attacks, during the upcoming holiday season—a time during which offices are often closed, and employees are home with their friends and families. Although neither CISA nor the FBI currently have identified any specific threats, recent 2021 trends show malicious cyber actors launching serious and impactful ransomware attacks during holidays and weekends, including Independence Day and Mother’s Day weekends.
CISA and the FBI strongly urge all entities–especially critical infrastructure partners–to examine their current cybersecurity posture and implement best practices and mitigations to manage the risk posed by cyber threats. Specifically, CISA and the FBI urge users and organizations to take the following actions to protect themselves from becoming the next victim:
- Identify IT security employees for weekends and holidays who would be available to surge during these times in the event of an incident or ransomware attack.
- Implement multi-factor authentication for remote access and administrative accounts.
- Mandate strong passwords and ensure they are not reused across multiple accounts.
- If you use remote desktop protocol (RDP) or any other potentially risky service, ensure it is secure and monitored.
- Remind employees not to click on suspicious links, and conduct exercises to raise awareness.
Additionally, CISA and the FBI recommend maintaining vigilance against the multiple techniques cybercriminals use to gain access to networks, including:
- Phishing scams, such as unsolicited emails posing as charitable organizations.
- Fraudulent sites spoofing reputable businesses—it is possible malicious actors will target sites often visited by users doing their holiday shopping online.
- Unencrypted financial transactions.
Finally—to reduce the risk of severe business/functional degradation should your organization fall victim to a ransomware attack—review and, if needed, update your incident response and communication plans. These plans should list actions to take—and contacts to reach out to—should your organization be impacted by a ransomware incident. Note: for assistance, review available incident response guidance, such as the Ransomware Response Checklist in the CISA-MS-ISAC Joint Ransomware Guide, the Public Power Cyber Incident Response Playbook, and the new Federal Government Cybersecurity Incident and Vulnerability Response Playbooks.
CISA and the FBI urge users and organizations to take these actions immediately to protect themselves against this threat. For a comprehensive overview, see the joint Cybersecurity Advisory Ransomware Awareness for Holidays and Weekends. For more information and resources on protecting against and responding to ransomware, visit StopRansomware.gov, a centralized, whole-of-government webpage providing ransomware resources and alerts.
NEW REPORT AFFIRMS "STATE OF CYBER" IN INDIANA
Wednesday, November 10, 2021
Just as an architect uses a blueprint as the foundation for a skyscraper or a school, Governor Eric Holcomb, on January 9, 2017, affixed his signature to a three-page document – Executive Order 17-11 – providing the groundwork for the Indiana Executive Council on Cybersecurity (IECC) to continue its work and implement a cybersecurity program for all Hoosiers.
In less than five years, the IECC’s achievement is defined by what it is today: a government council unlike any organization of its kind in the nation, both in terms of its first-of-its-kind strategic approach and the unprecedented achievements, as defined in the State of Cyber Report (2017-2021). The results of the work completed by the Council’s 20 committees and working groups are included in the report in an easy-to-read format that spells out exactly what’s been accomplished from September 2018 to October 2021.
As the Cybersecurity Program Director of the State of Indiana, I am especially proud of the Council, the progress it has achieved and what it represents for all Hoosiers. In particular, it is our academic, military, private and public partners whose contributions have firmly positioned Indiana as a leading state in cybersecurity.
Divided into two distinct parts, the 50-page document reveals the history and the direct success of the IECC since its relaunch in 2017. More than 350 members were responsible for researching, planning, implementing, and evaluating the 2018 Indiana Cybersecurity Strategic Plan, the results of which are represented in the report.
- The Council completed 78 percent of its 69 deliverables and 77 percent of the 120 objectives.
- The membership – comprised of a cross-sector group of subject matter experts – donated hundreds of hours and millions of dollars in services and resources to Hoosier individuals, governments, and businesses.
- All of the deliverables are spelled out in the report in an easy-to-read format that accounts for all the progress made by the Council from 2018 to 2021.
The second part is a collection of the many amazing cybersecurity programs and initiatives that are going on throughout Indiana. It is a sampling of the projects, but it highlights how important cyber is, as a part of our everyday life, and the significance it holds as a priority here in Indiana. There is a little bit of everything in cyber occurring throughout the Hoosier state – from what’s going on in our colleges and universities to public and private sectors and industry trade associations and organizations.
Additionally, the report highlights other resources that have been developed over the past four years, including our Cyber Hub website that includes a blog, as well as a list of the most-visited pages on our site and some of the most popular, free cyber resources, such as our Indiana Scorecard and Emergency Manager Cybersecurity Toolkit.
Of course, not unlike the architect, whose projects often include new additions to a building or a school that adds space to serve more students, the Council is continuing in its charter to build on the foundation it created to provide an even stronger cyber posture for all of Indiana.
Recognize Cybersecurity Awareness Month by Helping Your School Defend Against Cyber Threats
Monday, October 25, 2021
Each October, Cybersecurity Awareness Month raises awareness about the importance of cybersecurity across our Nation, ensuring that all Americans have the resources they need to be safer and more secure online. The initiative’s theme of “Do Your Part. #BeCyberSmart” encourages individuals and organizations to own their role in protecting their part of cyberspace, stressing personal accountability and the importance of taking proactive steps to enhance cybersecurity.
Our growing dependence on technology systems - coupled with emerging, evolving, and increasingly deceptive cyber threats - demands enhanced awareness and vigilance when it comes to our online world. It is especially important for schools, parents, and students to stay safe online by defending against risks and strengthening cyber safety and security both at home and within schools.
Helpful tips for improving cybersecurity in your school’s community include:
- Double your login protection. Enable multi-factor authentication for all accounts and devices to ensure that the only person who has access to your account is you.
- Shake up your password protocol. Consider using the longest password or passphrase permissible. Get creative and customize your standard password for different sites, which can prevent cyber criminals from gaining access to these accounts and protect your and your school’s accounts in the event of a breach.
- Update security software. Whether you’re using a school’s computer, smartphone, or other device, the best defense against viruses and malware is to update to the latest security software, web browser, and operating systems.
- Play hard to get with strangers. Cyber criminals use phishing tactics, hoping to fool their victims. If you’re unsure who an email is from – even if the details appear accurate – or if the email looks ‘phishy,’ do not respond and do not click on any links or attachments found in that email.
In addition, bookmark these key cybersecurity resources to keep your students and schools safe online:
General Resources and Websites
- Stop.Think.Connect. Parent and Educator Resources: This webpage outlines essential resources and materials for parents and educators to help start the discussion about cyber safety and cybersecurity with children and students. Find information about safe social media practices, what it means to “be online,” how to become a good digital parent, and more.
- Be Cyber Smart: This campaign is designed to inspire the younger generation of Americans to take responsibility for their own cyber safety. Learn about cybersecurity basics, common scams, and how to report cybersecurity incidents.
- StopRansomware.gov: This website is a one-stop resource where public and private sector entities can find U.S. government tools, information, and resources to help reduce the risk of ransomware attacks and improve resilience. The site includes a specific K-12 resource section, which includes information geared towards IT staff, students, parents, and administrators.
- Keeping Children Safe Online: This website offers guidance for teachers, parents, guardians, and caregivers on protecting children from becoming victims of online exploitation.
Fact Sheets, Videos, and Tip Cards
- Cyber Threats to K-12 Remote Learning Education: This fact sheet is a primer for non-technical educational professionals, and includes general cybersecurity best practices, video-conferencing best practices, and a list of available resources.
- Cyber Safety Considerations for K-12 Schools and School Districts: This fact sheet provides information to students, teachers, and administrators on identifying cyber threats, educating students on responsible online behavior, and learning how to prevent, prepare for, and respond to a potential cybersecurity incident.
- Cyber Safety Video Series: This series of short videos – centered around themes such as social media safety, ransomware, phishing, and making strong passwords – outlines tips and best practices to help schools, students, and educators stay safe online.
The U.S. Department of Homeland Security (DHS), U.S. Department of Education (ED), U.S. Department of Justice (DOJ), and U.S. Department of Health and Human Services (HHS) do not endorse any individual, enterprise, product, or service. DHS, ED, DOJ, and HHS do not mandate or prescribe practices, models, or other activities described in this communication. DHS, ED, DOJ, and HHS do not control or guarantee the accuracy, relevance, timeliness, or completeness of any information outside of those respective Departments, and the opinions expressed in any of these materials do not necessarily reflect the positions or policies of DHS, ED, DOJ, and HHS.
Governor Holcomb Designates October as "Cybersecurity Awareness Month"
Wednesday, October 6, 2021
Following on the proclamation by Indiana Governor Eric Holcomb designating the month of October as “Cybersecurity Awareness Month”, Indiana is continuing in its cyber readiness to keep all Hoosiers safe and secure and protect our critical infrastructure that’s essential to everyday life.
The progress comes at a critical time, as cyberattacks grow in severity and frequency and now include not only data breaches but also sophisticated attacks on the physical operations of water utilities, hospitals, schools, and local governments.
In addition to the best practices, tips, and resources available on the Indiana Cybersecurity Hub website, the State of Indiana is staying at the forefront of being prepared with the Emergency Manager Cybersecurity Toolkit; a free, downloadable “playbook” designed to help take out some of the complexities related to cyber and provide an invaluable resource with the tools to help people stay protected. It is a complete guide to help with planning in the event of a cyberattack.
Developed by the Indiana Executive Council on Cybersecurity (IECC), the Toolkit is organized into four main sections, including:
- A survey to assist emergency managers in working with their partners to develop emergency and continuity of operations plans;
- Cybersecurity incident response plan template;
- Training and exercise guide; and
- Additional resources to help deal with new and pervasive threats.
Office managers, executives and IT managers interested in getting an initial understanding of an organization’s cybersecurity posture can use another cyber resource known as the Indiana Cybersecurity Scorecard; it is a free download and takes less than 20 minutes to complete to start a conversation about cybersecurity within an organization.
Cybersecurity Awareness Month is designed to raise awareness about the importance of cybersecurity across Indiana and the country to help make sure everyone is able to stay safe online. This year’s theme is “Do Your Part. #BeCyberSmart” and encourages individuals and organizations to be proactive in protecting their part of cyberspace. For more information, visit the Indiana Cyber Hub, or on social media at Twitter and Facebook.
Indiana's Cyber Readiness Advancing Rapidly
Friday, October 1, 2021
“Winning isn’t everything it’s the only thing”. – Vince Lombardi
“You play to win the game” – Herm Edwards
If you think about it, protecting a school, hospital, or a city’s water supply from a cyberattack is a lot like a football coach drawing up a game plan for playing against the #1 team in the country – every day.
There’s game film, playbooks and you always have to account for how you’re going to stop the other team’s best player from scoring; all the while trying to figure out what else the coach might have up his sleeve. And there’s no halftime show to try and adjust to stage a comeback.
That’s the challenge facing the State of Indiana in its efforts to continue rapidly moving forward in its mission to further strengthen its cybersecurity resiliency and response.
The progress that’s been achieved comes as the State of Indiana and the Indiana National Guard recently hosted two cyber exercises in a partnership with several federal agencies, health care providers, technology companies, water utility service providers, and state and local government officials, as well as state and federal emergency and law enforcement agencies.
“Conducting these exercises highlights the strength of the cybersecurity structure that exists within the state and underscores the work that’s been accomplished over the past three years by Indiana Governor Holcomb’s Executive Council on Cybersecurity with our partners in the military, academic, public and private sectors,” said Indiana Department of Homeland Security Executive Director Stephen Cox. “Most importantly, it represents the progress with cyber that’s been achieved on behalf of all Hoosiers when we approach cybersecurity as something that is not solved by one entity alone, but by everyone at all corners of the state.”
Having a playbook is especially crucial, given the fact there are not only a seemingly endless number of situations in which a cyberattack or incident can occur, but there are all kinds of circumstances and variables that can interfere with a cyber team’s strategy for protecting its systems.
When Water Runs Out…
A water utility being attacked is not only scary to every city in America, but the possibility of it happening is also real.
The Cybersecurity and Infrastructure Security Agency (CISA) has partnered with the State of Indiana and the City of Fort Wayne to exercise how state, federal, mutual aid, and local government would work together in a long-term cyberattack that eliminates the supply of water from the city, with a special emphasis on the secondary effects for the city’s hospitals.
As the Cybersecurity Program Director for the State of Indiana, I have no question that cybersecurity impacts every aspect of our daily lives. As we’ve seen with recent cyber incidents – everything from pipelines to water utilities to schools and hospitals – a cyberattack can create substantial effects and damage to our community and our critical infrastructure, disrupting our daily lives and safety.
When Natural Disasters Hit…
Following the completion of the tabletop exercise, a second cyber exercise took place as part of a full-scale functional exercise hosted by the Indiana National Guard for first responders and several military branches, as well as search and rescue teams, at the Muscatatuck Urban Training Center.
The grounds of the 1,000-acre facility, located in Southern Indiana, make up a real city that includes a built-in physical infrastructure, a well-integrated cyber-physical environment, an electromagnetic effects system and human elements. There are more than 190 brick-and-mortar structures with roughly 1.5 million square feet under roof, 1.8 miles of subterranean tunnels, a cave complex, more than nine miles of roads, managed airspace, a 185-acre reservoir, and a cyber live-fire range.
The focus of the Indiana National Guard exercise centered on measuring how federal, state, local and private sectors respond to a devastating earthquake.
“We really need to prepare now for these acts which we’ve already seen here in Indiana and across the world,” said Ron Pelletier, founder and chief customer officer at Pondurance, a cyber security company. “When natural disasters hit all parts of the world, we are seeing more and more targeted cyberattacks in those affected areas. Investing now in preventative measures is the best way to avoid situations like that from becoming worse. It comes down to planning to avoid cyber breaches but being prepared to respond.”
As emergency and military teams respond to the effects of the earthquake, the Indiana National Guard also tested the additional response of its incident command leadership while the cyber experts from IU Health, Citizens Energy Group, and Pondurance made the efforts more difficult by attacking the water supply in the aftermath.
It’s Not “If” But “When”...
Pelletier added that Pondurance hopes disaster drills, such as these two, will raise awareness among policy makers to help fund security programs and protocols. “National, state, and community security is truly at risk here, and we need to take action now to preserve it. Waiting for the dam to burst before you repair it is a terrible maintenance strategy, and that’s exactly the situation we have here across power grids, water supplies, healthcare, you name it.”
Having the ability to draw on the resources and expertise required at a moment’s notice to keep people safe in the event of a cyber incident or attack relies on making certain that the state and its partners have a line of communications that’s always open to make sure the State of Indiana provides a response that’s most effective, regardless of the circumstances.
Many of those who participated in both state exercises also serve on the Indiana Executive Council on Cybersecurity (IECC). As defined in Executive Order 17-11 from Indiana Governor Eric Holcomb, the IECC is a first-of-its-kind collaboration whose work, as an organization within state government, is guiding the state’s cybersecurity policy. It is comprised of 35 Council members and 250 advisory members, all of whom are subject matter experts representing a wide range of businesses, industries and professions, including education, finance, utilities and insurance, among many others.
The State of Indiana and its partners offer best practices, guides, toolkits, and resources to allow all organizations and critical infrastructures not only to mitigate, but also to prepare for, a cyberattack. For more information about the IECC or the State of Indiana’s Cyber Strategy, visit www.in.gov/cyber.
For more information about CISA’s cybersecurity services and resources, visit www.cisa.gov.
Cyberbullying: It's Not Just the Kids
Wednesday, September 22, 2021
By Chetrice Mosley-Romero
If you’ve ever been around someone whose solution for solving a problem is, simply, to blame it on “the kids” and act as though it’s a problem that doesn’t affect adults, you’ve just described some of the challenges that exist in dealing with cyberbullying.
Living in a digital age, as we do, technology enables us to do a lot of things online that makes our lives easier, as well as safer and more secure. Unfortunately, as we know, cyberbullying is something that’s made its way from the school playground or, for adults, while working at a job or as part of their personal life to (and from) anywhere in the world.
Cyberbullying is defined as “an act of harassing or causing harm to someone using a digital device (cell phone, computer, tablet, mobile device, etc.) to send, post, or share negative, harmful, false, or demeaning content about someone else”. It occurs through SMS, text messaging, and apps, or online in social media, chat rooms/forums and emails. It also takes place in online video gaming where people can view, participate in, or share content. It also includes sharing personal or private information about someone else to embarrass or humiliate them or damage their reputation. At its worst, cyberbullying crosses the line into unlawful or criminal behavior.
Oftentimes, when we hear about cyberbullying, it involves children, teenagers, and young adults. A lot of that may not come as a surprise, given the fact that 95 percent of teens in the U.S. are online and 60 percent of young people say they’ve witnessed online bullying.
That being said, it’s not just the kids.
In a study entitled “How Common Is Cyberbullying Among Adults? Exploring Gender, Ethnic, and Age Differences in the Prevalence of Cyberbullying,” research showed that almost 15 percent of the participants had been a target of cyberbullying at some point, with 2.2 percent reporting such experiences within the past month. Young adults (18-25 years) experienced the highest levels of cyberbullying (during both the lifetime and past month time frames), but substantial lifetime cyberbullying was reported by older age groups as well, including those 26-35 years (24 percent) and 46-55 years (13 percent), up to the 66+ age group (6.5 percent).
What’s the Solution?
Fortunately, there’s a lot of good information available from a variety of trusted resources – with just a few clicks – to help you deal with cyberbullying, including:
- HealthyChildren.org – Powered by the American Academy of Pediatrics, it’s a website for parents and families, whose mission is centered on the physical, mental, and social health and well-being for all infants, children, adolescents, and young adults.
- Security.org – Includes the latest facts about cyberbullying, including a video to help parents, and more.
- Federal Trade Commission – https://www.consumer.ftc.gov/articles/0028-cyberbullying
- StopBullying.gov – https://www.stopbullying.gov/
- Teacher.org – http://www.teacher.org/resource/bullying/
There’s also help out there for adults. For the same reasons that we’ve become more dependent on technology, it can be even more complicated; adults can be far more adept at hiding their online identity. As we get older, there are many ways to be bullied, including doxing and swatting, that can lead to dangerous situations and profoundly impact someone’s mental health.
Just as the song says, R-E-S-P-E-C-T is something we all can do, as kids and adults!
Cybersecurity for Education Toolkit - A Great Online Guide for Indiana's School Communities
Wednesday, September 15, 2021
Whether you’re in Cannelton, Crown Point, or Carmel, cybersecurity is the link that helps our school communities – across Indiana – continue to be strong and protected while staying connected.
At a time when we’re spending, some days, as much time together virtually as we do in person, cyber is a tool that’s crucial for helping to educate our children and young adults. And regardless of the important role you play, the Cybersecurity for Education Toolkit is a FREE, turnkey resource, saving you precious time as you focus on the rapidly increasing challenges that are taking place in education as another school year gets underway. It is for everyone, including:
- Superintendents and school board members
- Teachers, staff, and administrators
- Students of all ages and their families
- Every person who lives in a school community
Created in 2020 by the Indiana Executive Council on Cybersecurity (IECC) and the Indiana Department of Education (DOE), the Toolkit is an easy-to-understand resource, complete with tips and helpful information to make sure everyone in education is cybersafe and practicing good habits that will help:
- Students protect their identity and schoolwork
- Teachers and staff manage their lesson plans while keeping their students’ data safe, including their grades and assignments
- Administrators protect their students and keep their facilities secure
- Members of the public engage and communicate with schools and educators
It’s National Online Learning Day, and the guide makes it easy to take advantage of all the articles, images, tips, resources, and social media posts, as needed. In addition, we invite you to visit the Indiana Cybersecurity Hub website. There you’ll find even more materials – updated regularly – that will help you with everything from tips on maintaining good cyber hygiene to the steps you should take if you are the victim of a cybercrime.
There’s also lots of cyber-related information for teachers and students, including resources and programs for pursuing a career in cybersecurity. Soon, we’ll be updating the Toolkit with even more of the latest materials and resources to help everyone in your school community keep pace with today’s ever-changing cyber world.
PREPARED TO PROTECT IN A CYBER DISASTER
Friday, September 10, 2021
September is National Preparedness Month and this year’s theme is “Prepare to Protect. Preparing for disasters is protecting everyone you love”.
If you think about it, even for a minute, it’s a lot to take in. And, as we’ve discovered, disasters, sadly, come in all too many forms.
If you’re a part of an emergency management agency (EMA) – regardless of the size of the community you serve -- you already know that everyone, it seems, is counting on you to do it all; everything from prevention, protection, mitigation, response, and recovery, whether it’s natural, man-made, or an act of terrorism, including a cyberattack.
Keep in mind, too, that a disaster – these days – goes beyond the physical elements that we’re used to dealing with in emergency management; instead, it’s now compounded by a cyber incident or an attack. Bottom line, it has the potential to make a bad day so much worse.
Fortunately, here in Indiana, there exists a “playbook” that’s designed to take out some of the complexities related to cybersecurity while, at the same time, providing an invaluable resource with the tools to help people stay protected, as much as possible.
Known as the Indiana Emergency Manager Cybersecurity Toolkit, it was developed by the Indiana Executive Council on Cybersecurity (IECC) and is organized into four main sections, including:
- A survey to assist emergency managers in working with their partners to develop emergency and continuity of operations plans;
- Cybersecurity incident response plan template;
- Training and exercise guide; and
- Additional resources to help deal with new and pervasive threats.
It’s FREE and we invite you to download the full Emergency Manager Cybersecurity Toolkit today! It can be used as a complete guide or piece-by-piece, depending on how detailed you want to go with your planning and what you would do in the event your organization experiences a cyberattack or incident.
For more information related to emergency response and recovery, visit the Indiana Cybersecurity Hub. And be sure to come back to the site for the latest information and updates to the Toolkit!
National Matchmaker Day Celebrates Romance, Reveals Complexities of Finding Love Online
Tuesday, August 31, 2021
Looking for love and finding that “special someone” is an experience that – not unlike a lot of things in life – comes with a lot of emotion. If you’re someone who’s found love online, congratulations!
According to Vox, Tinder, already the most downloaded app in the world, recently hit three billion swipes in one day and it has continued to surpass that number 130 more times since March of 2020. Activity is only increasing on dating apps like Tinder, Bumble and Hinge. Likewise, the frequency of people experiencing an invasion of their privacy is rising, not only with the companies storing your information, but from other users as well.
While the goal may be to find love, instead many come across romance scammers attempting to trick them, especially if it could lead to sending money.
Interacting with unreliable dating profiles can create some complications and complexities, since users are more than capable of creating fake dating profiles. Romance scammers often communicate with targets on other platforms as well, as a way of building someone’s trust, even as they create a false relationship and the appearance of being financially stable.
The FTC further notes that romance scammers often lie about living or traveling outside of the United States; working on an oil rig, being in the military or even working as a doctor with an international organization.
Regardless of other users’ intentions on these popular dating sites, you should be your most authentic self not only when it comes to your dating profile, but when you are communicating with other users as well. One organization, Get Safe Online, recalls just how to go about being authentically you on these dating sites in a safe manner:
- Choose a username that doesn’t let everyone know who you are by not including information like your last name or where you work;
- Remember that overly provocative or controversial usernames could attract the wrong users;
- Don’t include contact information such as your email address, home address or phone number in your profile or as part of any initial communications;
- Stop communicating with anyone who tries to pressure you or trick you into sharing your personal or financial information;
- Avoid accessing your account from a public or shared computer, so that others can’t view or record your password or any personal information;
- Be wary of opening any email attachments from someone you have only just met; and
- Ensure that you keep your internet security software up to date.
With the impact created by the Pandemic and the importance of social distancing, online dating has become a hot spot for making a connection involving everything from finding love to just getting to know someone you can confide in and trust. Even in circumstances that make it seem as though someone has good intentions, it’s a good idea to always be wary of what is in someone’s dating profile. And always be cautious when it comes to meeting anyone on an app or as part of any online chat.
We encourage you to still think positively about the possibility of love, but also to be proactive when connecting with someone. To learn about how to protect yourself online, visit the Indiana Cybersecurity Hub; it features lots of important resources you’ll find helpful for protecting yourself, as well as your family and friends!
Helping Senior Citizens Stay Safe, Avoid Online Scams Is Good For All of Us
Thursday, August 19, 2021
August 21st is National Senior Citizens Day! According to Statista, 75 percent of adults 65 and over frequently use the internet. For some perspective, the World Wide Web, as we know it, is only 30 years old. That means the members of this group were already working-age adults and most likely didn’t have the opportunity to learn the ins and outs of the internet.
In today’s ever-changing society, cybersecurity is a priority regardless of age; however, senior citizens are more often targeted by scams due to a perceived vulnerability and because they most likely own a home and have some financial savings. Elder fraud results in more than $3 billion in losses yearly.
Seniors are also less likely to report fraud because they either do not know how to do so, who to contact, or they feel ashamed of being scammed. So how can we protect our elders or help them protect themselves? Here are a few easy ways to avoid scams and fraud targeted at senior citizens!
To get started, it’s important to understand what types of scams are out there, including:
- Romance – often referred to as “catfishing” -- using a false identity to pose as someone interested in a relationship on social media.
- Tech Support – a scammer takes control of a person’s laptop or mobile device and posts a message on the screen to call “tech support” and uses the so-called technology problem – that doesn’t exist – to steal someone’s money.
- Grandparent Scam – posing as a grandchild in need of immediate financial support
- Government Impersonation – posing as a government employee demanding a payment to avoid being arrested or prosecuted.
- Lottery/Sweepstakes Scam – misleading someone to believe they have won a lottery or sweepstakes so long as they pay a “fee”; sometimes they’ll say that the person was entered in the contest by someone else.
To help avoid falling victim to these scams, it’s a good idea to follow a few simple tips:
- Resist acting quickly. The sense of urgency is key to a lapse in judgement; call the authorities if you have your suspicions
- Any unsolicited activity is a red flag
- Never share any personally identifiable information online
- Keep all anti-virus and security software up to date.
- Use a password-protected firewall
- Avoid opening any email attachments from people you do not know; simply delete it
If you believe that someone you know has been the victim of elder cyber fraud, contact your local FBI field office or submit a tip online. Remember to keep any emails or documentation you can to help provide a detailed report of the scam. Remember, too, not to engage in conversation with anyone you think is trying to scam you, but keep the emails, texts, etc. to help stop them. If you or a loved one in Indiana is a victim of identity theft, you can go here for resources on what to do next.
Let’s all do our part to protect our senior citizens today, tomorrow and every day of the year. We’re all in this together and, together, we can keep our cyber spaces friendly, productive, and safe for all. For additional information, visit the Indiana Cybersecurity Hub for the latest cybersecurity news, resources and trends, check out our cyber tips page and follow us on Twitter and Facebook.
The Ultimate Chocolate Chip Cookie Recipe - Protecting Your Privacy
Wednesday, August 4, 2021
“By continuing to browse or by clicking ‘Accept’, you agree to the storing of cookies on your device.”
When you go online, you’re prioritizing your personal recipe of which ingredients will pertain to your wants and needs during that specific time. Well, associations are thinking of their own recipe online as well. They prioritize their ingredients of wants and needs when they put out their information online. These associations’ websites are eating up your privacy and security.
Cookies aren’t just delicious desserts, but pieces of information saved about you while you’re online. Vox explains that if you go to a weather website and type in your zip code, the next time you visit that website it will remember your location – simply because of first-party cookies placed by that website. Third-party cookies, on the other hand, are often sold to advertisers tracking you, even after you leave that website.
The FTC offers vital information to help ensure you understand the purpose of cookies and a step-by-step recipe for protecting yourself online, including:
- Changing the privacy settings for your browser, smart phones/mobile devices, and Internet-connected TV
- Opting out of targeted advertising
- Considering using an ad blocker
- Opting out of data brokering sites that sell your personal information
Everyone loves a warm chocolate chip cookie right out of the oven, just as much as the next person. That said, businesses and organizations have a responsibility to be up front, allowing their customers to choose for themselves if cookies are tracked back to them. Nonetheless, it’s a good idea for all of us to stay educated on what we’re participating in and accepting online.
On a positive note, CNN Business explores Google’s recent pitch for the future of tracking-based web advertising; something that could be viewed as inevitable and, at the same time, is an opportunity that offers some potential. Their plan is to rely less on an individual’s browser history and more on “cohorts” of internet users with similarities. It is more crucial than ever before to not only understand how to safely navigate the internet, but to understand what exactly you are accessing and possibly giving away. Companies are willing to make effective change for your privacy, and we encourage you to be proactive in doing what you can to protect yourself.
To learn even more about privacy policies and how they work and additional resources for helping you keep your personal information secure, visit the Indiana Cyber Hub and follow us on Twitter and Facebook.
Workforce Development Opportunities in Cyber – It’s About (Way) More than Ones and Zeroes
Thursday, July 29, 2021
Today is National Intern Day and Indiana Intern Day; a day for the companies and organizations (and really all of us) to celebrate, empower, encourage and recognize the contributions and hard work of the people who are spending their summer or part of their school year using their unique talents to gain the experience that’s needed for finding a job and getting started in a career.
It’s been my experience that the quality of the work and the contributions that are made by someone, working as an intern, are not only meaningful, but also an important factor in some of the success we achieve as an organization. In other words, no one’s spending their time making coffee or running errands.
In the world of cybersecurity, the outlook for employment and workforce development is wide open. According to CyberSeek.org, there are currently 465,000 cybersecurity jobs available in the U.S., including more than 4,000 in Indiana.
And while the majority of the positions are IT jobs and require a certain level of technical knowledge, there’s an abundance of cyber jobs and careers that aren’t as complex and, instead, involve a background related to using strategic communications skills, including work in public relations, graphic design, and marketing, among others. Add to that, fully 30 percent of the professionals working in cybersecurity come from a non-technical background.
As the Cybersecurity Program Director for the State of Indiana, our team of interns, this summer, includes three college-age students. Together, Angelica, Hailey and Zach have contributed to the content featured in this blog; and they are also responsible for creating many of the images and illustrations and the information we share on our website, as well as on Twitter and Facebook.
Among the observations they’ve made is the recognition that the work they’ve done in cybersecurity “…goes way beyond ones and zeroes,” adding that “…without human beings we wouldn’t need cybersecurity in the first place. People created issues like identity theft, third-party cookies, ransomware and so much more. But on the other hand, without human beings we wouldn’t be able to unite as an online community to help ourselves and others understand and resolve these issues through the use of cybersecurity”.
There was also the shared experience of being somewhat intimidated, at first, by the word “cybersecurity” and the depth of knowledge someone would have to possess to do the job. Instead, it was their experience that it is a topic you can learn about – based on your own personal experiences. But, because it is so vital to protecting ourselves, all it requires is having an open mind and understanding how it can be applied as a part of our daily life.
In addition to the skills and experiences they gained from their internship, it’s important, too, to acknowledge some of the knowledge we, as a staff, learned from them about cyber and how it can be applied, simply by viewing it from the perspective of someone whose life, from a much earlier age, was influenced by technology.
Or, how an illustration, a podcast or a well-organized review of a strategic plan can be conveyed to others as part of our cybersecurity program for the benefit of all Hoosiers.
National Be Someone Day - An Opportunity for Protecting Children, Teens Online
Wednesday, July 21, 2021
July 21st is National Be Someone Day. Each year, this day challenges each of us to take a little bit of time out of our day to make a difference in the life of a child. As society continues to grow to an online setting for, seemingly, everything we do, it is important that we do everything we can to protect children online.
There are always challenges that come from our friends, even family members, or other people with whom we communicate online, whose requirements for being verified – at any given moment – is an issue that causes us concern. Maybe it’s as simple as someone coming to you saying their old account got hacked, so they made a new one. Or it could be something much more complex, with someone you don’t know trying to set you up with a phishing scam. The same measure of risk is there for our kids when they’re online.
A good way of determining the true identity of this person online would be like what you would tell children and teenagers about strangers. Ask them a question that requires an answer that would be hard to find online, such as a middle name, or the name of a sibling, or even the name of one of their pets. You could even develop a phrase for your children to use that anyone who might want to connect with them needs to know.
Norton security offers some helpful tips on how to protect your kids online, including:
- Following the recommended age limits for apps, such as Instagram, Facebook, etc.
- Visit and learn more about the sites yourself before letting kids on
- Check the privacy settings of each site
- Check device settings and manage them yourself
- Set clear rules for your children
- Educate your children on what to look for in scams or “catfishing” attempts
The other way to “be someone today” is by maintaining a strong security plan to help guide a child’s or teenager’s online experiences. In addition to needing the internet for school, it’s likely they’ll be using a phone, laptop, or other type of a mobile device – just for fun - that connects to the internet, even video games.
Along the way, they’ll be interacting with people in each of those categories. If they’re at home, it’s important to always make sure that the router or Internet connection you’re using is secure. It’s a good idea, too, to take the time to educate them about protecting themselves and being safe whenever (and wherever) they’re online. Make sure that you are aware and monitoring any accounts or apps they are using. Depending on their age, you probably have more experience on the internet than they do; you know the warning signs. As they get older, that’s likely to change, but you can help with that by always encouraging them to communicate any concerns or suspicions they’ve experienced while on the Internet.
Today is a day all about making a positive impact on the lives of children. The internet and cybersecurity are a prime example for demonstrating how to “Be Someone” and providing a positive influence in the young lives of those around you.
Cybersecurity 101 Back to the Basics
Monday, July 12, 2021
Today is National Simplicity Day!
To celebrate, it's a great time to learn more about making cybersecurity simple (and easier...) to understand for you and the people in your life.
To be sure, cyber is a topic that comes with its complexities, with many components to understand and put to practice. At the same time, it’s something that’s essential for all of us, as individuals, parents, business owners, educators, students, politicians, healthcare professionals and the list only continues. And, as never before, it's important; think of it as one of the things all of us have in common, in terms of our everyday life experiences.
The Cyber Security Magazine simply notes that cybersecurity pertains to protecting data, devices, programs, systems and networks from cyber threats and attacks. Now, let’s break that down by asking where do cyber threats and attacks come from and how do they affect you?
Cybint expresses that fully 95 percent of cybersecurity breaches are actually caused by human error and regardless of your technological skill set, you could very well be a part of that statistic.
A skill-based error consists of small mistakes taking place during familiar tasks. On the other hand, decision-based errors occur when the user makes a faulty decision because there is a lack of information. Opportunity, environment and lack of awareness are all factors that play into the commonality of human error.
Now, if you previously guessed correctly that society causes cyber threats and attacks, then you probably already have a grasp on the concept that society can be the solution as well.
Ready helps explain how to deal with a cyberattack by offering tips throughout the entirety of the process, as well as helpful information related to COVID-19. Here are the simple, preventive cybersecurity steps to take:
- Have privacy settings and do not use location features.
- Keep software applications and operating systems up to date.
- Use a password manager and two-factor authentication.
- Think before you click, and when in doubt don’t click. Do not provide personal information.
- Use encrypted Internet communications.
- Protect your home and/or business with a secure Internet connection and Wi-Fi network.
- Use a stronger authentication, like a PIN or password that only you would know.
- Check your account statements and credit reports regularly.
- Use a Virtual Private Network (VPN) that creates a more secure connection.
- Use antivirus and anti-malware solutions and firewalls to block threats.
- Regularly back up your files in an encrypted file.
- Change administrative and Wi-Fi passwords regularly.
While the goal of the lesson today is to break down the heavy and complex topic of cybersecurity, the learning doesn’t stop here. Technology and cyber are constantly evolving, so staying educated and embracing constant changes allow for safety to be a priority, personally and publicly.
Now, for homework, I invite each of you to assess your cyber knowledge with one of our online safety quizzes and stay updated with our informative resources on the Indiana Cybersecurity Hub. With technology being more accessible than ever before, the end goal is to make cybersecurity not only simple, but (even more) a part of your daily routine!
Confessions of a Chocoholic
Wednesday, July 7, 2021
Technology is like chocolate: People crave and indulge in the sweetness and richness of it all, and it comes in a variety of forms. As Forrest Gump famously noted, “life is like a box of chocolates. You never know what you're gonna get.”
Not long ago, I received an abnormal notification of suspicious activity at a chocolate store I had never visited before, and I knew that this was one of those “surprises” (and not a good one) in the box of chocolates that Forrest Gump was referring to. Living by the rule of thumb – don’t trust, always verify – I confirmed my identity with two-factor authentication and contacted the credit card company immediately to decline the purchase that was made using my card. It really goes to show that there are tools out there to prevent credit card fraud and identity theft from happening to you, too.
Debt.org provides a good explanation of the distinction between falling victim to credit card fraud and identity theft. Identity theft can seep into personal areas within your lifestyle like banks, telephone companies, government records and insurance companies. Oftentimes, these criminals start with a few minor transactions here and there – like the one I experienced – to test whether the real credit card owner could possibly notice before successfully impersonating you.
What is valuable to you could very well be valuable to someone else because information is key. It is important to stay updated on accounts and companies that have your personal information more than once a year. As not only the cybersecurity program director at the Indiana Office of Technology, but also as a victim of identity theft, it is important to remember that this can happen to anyone.
AARP highlights that identity theft cases reached 1,387,615 in 2020, and the numbers only increase every year. Those who are complacent, believing they could never fall victim to identity theft, most likely already have and are the most vulnerable when it comes to this type of issue. The FTC shares helpful tips on being proactive with sharing personal information, including:
- Only share account numbers on the phone with reputable companies and if you’re unfamiliar with them, do an online search first for reviews or complaints.
- Carrying only necessary cards can minimize your losses if your wallet or purse is stolen.
- Always keep your eye on your card during transactions.
- Never sign a blank receipt; draw a line through any blank spaces above the total.
- Save your receipts and compare them with what’s on your monthly statement.
- Open your bills promptly and match them up with the purchases you’ve made.
- Report questionable charges to the card issuer.
- Notify your card issuer if your address changes or if you will be traveling.
- Don’t write your account number on the outside of an envelope.
Although cybersecurity education is a part of my job description, I am passionate about it as well. I have witnessed people lose their businesses and their livelihood firsthand because of identity theft, and I have been a victim myself. Additionally, as a chocoholic, I can assure you that just like chocolate, simple unique passwords and just a few seconds of two-factor authentication can ensure a sweet impact on your life.
National Social Media Day: Having the Time of Our Lives
Wednesday, June 30, 2021
Today is National Social Media Day. A reason to celebrate, right?
It might be safe to say that the party’s already started; especially when you consider that in 2020, people in the U.S. spent an average of more than two hours every day on social media networks. Worldwide, the average is nearly half an hour longer at 145 minutes.
And, while this might be the perfect excuse to round it up to three hours, CISA provides a few tips on how to stay protected while connecting with others on social networks. Another great resource is the National Cybersecurity Alliance, whose advice covers everything from securing your devices to what you need to do with all of the “links” that show up in our social media feeds, and more, including:
- Knowing who’s (really) your friend – Social networks can be used for a variety of purposes. Some of the fun is creating a large circle of friends from many aspects of your life. It’s always good to use the tools on Twitter, Facebook, Instagram, etc. to help manage the information you share with your friends in different groups or other online pages.
- Feeling uncomfortable? Be honest – If a friend posts something about you that makes you uncomfortable or seems inappropriate, let them know. Likewise, keep an open mind if someone says that something you’ve posted makes them uncomfortable.
- Once posted, always posted – When you post something online, it stays online forever. Keep in mind, too, that recent research found that 70 percent of job recruiters rejected candidates based on information they found online. Maintaining your online reputation can, and often does, make a difference.
- Keep your personal info personal and maintain your settings – Be cautious about how much personal information you’re sharing on social networking sites to avoid being a victim of identity theft. It’s OK, too, for you to control your privacy settings and control what you see on social media and what you don’t see.
- When in doubt, throw it out – These days, there are ALL kinds of links in our emails, tweets, posts and even text messages and online advertising – much of it through our social media accounts -- that are used by cybercriminals to take advantage of you. Even if you think you know the source and something looks suspicious, don’t click on any of the links and delete it.
Having fun while staying safe online is a real reason for celebrating National Social Media Day. Make a day of it by changing your passwords, or better yet, reach out to your friends and post something that’s positive and fun.
But, if you’re wondering just how much social media influences (seemingly) every aspect of our lives, a recent report found that people spend an average of six years and eight months of their entire life on social media.
Of course, if that sounds like a lot, compare it to the one year and eight months we spend doing housework!
Rising Cybercrime Creates Growing Opportunity for Skilled Professionals
Wednesday, June 23, 2021
According to the Center for Strategic and International Studies, cybercrime is costing the global economy $600 billion per year. Denial of service, malware, ransomware, phishing and digital identity theft are but a few examples of the tactics used by cyber criminals to create disruption of service. The average cost of a data breach is now $3.86 million, and, on average, it takes 280 days to identify and contain a breach. And the costs continue to rise.
These cyber threats require constant awareness of our digital footprint. Countries, businesses, and individuals live with the advantages that technology puts at our fingertips, but it also multiplies the risk exponentially.
This backdrop has led to an exponential increase in the number of roles and jobs needed in this already high demand field. The gap for the critical skills to identify, contain and recover from a breach continues to push the need higher for cyber security skills. This has created the market for job opportunities and options.
Cybersecurity is one of the most in-demand skills across all industries. There’s a huge gap that exists between the continued high demand for cybersecurity professionals and the ongoing shortage of talent. In fact, Frost & Sullivan predicts that the growing gap between available qualified cybersecurity professionals and unfulfilled positions will reach 1.8 million by 2022.
Everyone, and especially women, can thrive in this field because it provides an expansive roadmap of opportunities and options. This is a field that requires constant learning and engagement. Which also means this is a great field to work in from remote locations. No day-to-day reporting to work 9-5; instead, many cyber security jobs provide flexibility and adaptability. For those who have expertise in many of the highly specialized disciplines, this could be a dream job.
Opportunities for remote work, lots of travel or limited travel, team-engagement, and on-going skills development are all key variables for those who are highly successful in these roles. With great need comes great options: public sector or private sector, urban or rural, small or large companies, or domestic or international work. Even more options are being added daily based on the growing need for this global skill.
There are many tools showing the roadmap from entry level skills to more senior positions. The benefit is seen in more and more real-life leaders where women are the cyber security heroes of the story. One such hero is IBM Fellow Rhonda Childress, who recently shared her story with students about what she and her team do in aiding IBM clients around the globe. Another hero is IBM’s Heather Ricciuto, who leads IBM’s messaging, working with students to enable them to see the benefits of going into cyber security fields.
Technology is indeed providing more high paying job opportunities for the right talent with the right skill. If you want to explore cyber security as a potential area of interest, there are three steps you can take right now:
First, Cyberseek is an outstanding tool to define what some of the specific job titles are in this space and where they fall on the experience spectrum.
Second, check out the resources on the Indiana Cybersecurity Hub. They are especially useful if you are in Indiana, but in many cases they can also be used by people elsewhere, or serve as a model for others to consider.
Finally, if you are connected with any accredited academic institution (middle school, high school, college, etc.), use your school email address and sign up for IBM’s Getting Started with Threat Intelligence & Hunting Course and get one of your first cybersecurity badges.
These are your first three steps in an exciting journey! Lead the way Superwomen!
June is National Men’s Health Month!
Wednesday, June 16, 2021
When it comes to improving our overall health, it seems as though there’s always lots of great information out there for improving your diet and, maybe, exercising a little more. At times, it can be overwhelming and it’s not always easy to know where (or how) to get started.
June is National Men’s Health Month; the perfect time (right?) to change it up a little bit and feel as though you’re starting to make some progress. And, as you do, it’s a good idea to also think about improving your personal cyber health and well-being. More than ever, IoT (Internet of Things) devices connect us to every part of our daily routines. The same is true for the equipment we use to get in shape – everything from bicycle machines (with access to virtual workouts using a camera and microphone) to wearable fitness trackers, even treadmills.
How popular are these devices? Consider that a recent study revealed that 18 percent of men use a smart watch or a fitness tracker. Add to that, there are all kinds of data – about you – that can be tracked through these devices. To be sure, it’s a great way to measure how you’re doing, but you’ll want to follow a few easy tips for staying safe online before starting your workout, including:
- Creating a guest network for your critical devices
- Updating the software on a regular basis and making sure it is password protected
- Researching the security of any devices before making your purchase
- Disabling any unnecessary features, keeping those that maximize your workout while taking away anything that poses a risk
Now that you’ve got a great reason to get out there and feel better about your health and your cyber fitness, have fun with it!
The Shared Responsibility as Digital Citizens - Checking in on a Friend
Tuesday, June 8, 2021
It is one thing to constantly educate yourself with ongoing cyber changes and updates, but it is an even greater responsibility as a digital citizen to take others' actions and decisions online into account as well.
Forbes dives into this shared responsibility of digital privacy and cybersecurity by comparing individuals who confidently drive to the airport without wearing a seatbelt, but then worry the plane they will be boarding may crash. Similarly, when we are online there is a combination of things we can and cannot control. Most often, the opportunities we are in control of can truly make or break our overall safety.
As digital citizens, we can use today, National Best Friends Day, to start the conversation and make sure our loved ones are aware of the many dangers the internet can pose, along with the circumstances that are in our hands and the precautions that can be taken.
Friendship is not only a choice, but a reliable relationship based on a mutual understanding, love, and respect. The National Cybersecurity Alliance mentions that four in 10 American teens sought help from a friend because of a negative experience online -- based on a study sponsored by Microsoft, in which 813 teens and 809 parents of teens were polled. Friends can be the most valuable resource because they are willing and able to actively listen, allowing safety check-ins to truly resonate.
Whether you are sharing helpful information and concerns with virtual or real friends, it is important to always stay alert and cautious, especially when engaging in social networks, given their significance in our everyday lives of connection and interaction. ACA Compliance offers helpful cyber conversation starters to have with your loved ones, including:
- Understanding where personal information can be shared online
- How to identify phishing and vishing scams, and knowing the protocol as a victim
- Staying on top of software updates and patches because they are constantly changing
- Getting access to endpoint protection and/or antivirus software
- Knowing when to avoid or engage in software downloads
- Using Wi-Fi security at home and in public places
- Characteristics of strong passwords and enabling multi-factor authentication
- Protecting your data with internet-connected device security
- Properly disposing of old devices that hold personal information
Every day, individuals are actively choosing to believe that cybersecurity attacks will not happen to them personally. It is important to recognize that personal decisions online really do contribute to the overall safety of all individuals behind their screens. Although we may not be able to control everything that occurs on the internet, we can be a good friend today and every day by checking in and decreasing potential online threats.
It is more crucial than ever before to check in on your loved ones and befriend cybersecurity as a way to help protect those close to you whenever they're online. For additional information, visit the Indiana Cybersecurity Hub for the latest cyber news, resources, and trends, check out our cyber tips page and follow us on Twitter and Facebook.
Whether You're Relaxing, Working or Attending School - Cybersecurity Starts at Home
Thursday, June 3, 2021
JUNE IS NATIONAL HOMEOWNERSHIP MONTH
"The ache for home lives in all of us, the safe place where we can go as we are and not be questioned" -- Poet Laureate Maya Angelou
June is National Homeownership Month. And it's safe to say, within the past year, our homes have become so much more than, simply, the place where we live.
For a lot of people, our commute to work is taking us down a hallway, rather than a highway. And if you have children, you've already experienced what it's like to turn your living room, den or, perhaps, a bedroom, into a classroom.
Throughout it all (even now...), an important part of protecting our home is making sure everything from our laptops and routers to all the devices and systems connected to the Internet -- within our home -- are as safe and secure as the locks we have on our doors and windows.
At a time when the number of internet connected devices is expected to increase from 35 billion in 2021 to 75 billion in 2025, many homeowners are doing what they can to balance being comfortable and preserving their peace of mind with the necessity for being safe and secure whenever they're online. In fact, 127 new IoT (Internet of Things) devices connect to the Internet every second.
Maintaining your home's cybersecurity starts with seven helpful tips that are easy and effective, including:
- Installing a VPN (Virtual Private Network)
  - A VPN hides your IP address and encrypts data traffic over a secure network to prevent access to your personal data/devices.
- Locking Your Devices with a Password or PIN
  - This prevents access to your laptop, tablet or mobile device.
- Changing the Name of Your Wi-Fi Network
  - Avoid using the name/model number of your router or personal information as part of the name of your network.
- Changing Your Network's Default Password
  - When creating a unique password, use at least 20 characters and a combination of letters, numbers, and symbols.
- Changing Your Network Administrator's Credentials
  - Manufacturers often use the words "admin" and "password" as the username and password of their router's administrator page (making it easy for anyone to guess it).
- Placing Your Router in a Secure Position
  - Router positioning helps with signal strength, and placing it in the middle of the house avoids having the signal spill over to areas outside your home.
- Turning Off Your Wi-Fi When It's Not in Use
  - Leaving your Wi-Fi on at all times provides more opportunities for cyber criminals to break into your network; turning it off also saves energy and offers more protection.
Whether you own or rent your home, keeping everyone cyber safe is another reason to celebrate and adds to your quality of life whether you're at home just to relax, you've got work to do, or there's homework assigned that needs to be finished.
Going on a Road Trip? Vacation? Be "cyber safe" - What to Know Before You Go
Thursday, May 27, 2021
Beginning today, more than 37 million Americans are expected to drive, fly or catch a train during the five-day Memorial Day weekend, according to AAA.
As part of this annual kickoff to summer, Friday is National Road Trip Day. Created in 2019, Pilot Flying J -- the largest travel center operator in North America -- is credited with creating this "holiday" as a way to provide people with the essentials of food, drinks and fuel; everything they'll need to get to where they're going.
In getting ready for your trip, when it comes to making sure you follow some important cybersecurity tips, you'll want to keep in mind the advice first shared WAY back in the 1970's for the American Express Card and its travelers' checks and, more recently, featuring comedian Jerry Seinfeld -- "Don't Leave Home Without It".
- For starters, avoid posting on social media that you're leaving town or while you're traveling.
  - Criminals can steal your personal and financial information -- not only while you're away, but even after you arrive back home -- by accessing not only your computer router, but also through a host of internet-connected smart devices, such as your thermostat, HVAC system or voice-assisted products (think Siri, Alexa, Google Nest) and more.
  - If a cyber criminal gains access to your social media pages, they can also track your location and use that information to break into your hotel room or know when it is you'll be coming back (potentially increasing the opportunity for identity theft).
  - By staying off social media during your trip, you'll also avoid giving away the location for where you are or even where you're not.
  - Wait until you're back home before sharing any details or photos from your trip.
- Avoid using public Wi-Fi and, whenever possible, protect yourself by using a VPN connection to prevent others from seeing what you're looking at while on your laptop or mobile device.
- Once you arrive at your destination, be sure to never leave your devices unattended in a public space or on any means of transportation.
  - By doing so, you'll help prevent unauthorized access, physical theft, or data breaches.
- For additional cybersecurity tips, check out a recent story from Forbes about nine (more) steps you can take that'll help you stay cybersafe.
Along the way, you can also make it easier to find where you are going, as two in five people (42 percent) find travel apps to be especially helpful when planning their vacation, as well as mapping out their stops; it's a great way to save both time and money.
Also, as the opportunity to travel abroad continues to grow again, the Federal Communications Commission (FCC) offers some great cyber-related information you'll appreciate.
So, whether you're Clark Griswold and heading to Walley World for another visit, or your trip involves a visit to a beautiful state park or experiencing the World's Greatest Spectacle in Racing, be sure to arrive (cyber) safe and enjoy!
Cybersecurity: Essential for Protecting EMS Professionals, Patients
Wednesday, May 19, 2021
NATIONAL EMS WEEK - MAY 16-22, 2021
In its 46th year, EMS Week honors our frontline heroes, whose dedication for providing emergency care and lifesaving medicine saves so many lives every day.
Of course, with every call, there is an inherent risk to their own safety and well-being when it comes to taking care of their patients and doing everything they can to get them out of harm's way, safely and securely.
Perhaps it's fitting that this year's theme for EMS Week is "Caring for Our Community" and it's important that as we show our appreciation for the essential services they provide for all of us, we recognize the fact there is another inherent risk that can have a devastating impact involving both the EMS professionals and their patients; a threat that comes from a cybersecurity incident or cyberattack.
Having a strong and resilient cybersecurity system -- maintained by those on the frontline in 911 call centers and staff who are skilled in cybersecurity and IT -- is a critical line of defense that provides protection for both the patient and EMS professional. In fact, cybersecurity is vital for helping to make sure those 911 calls get through and are answered, as well as keeping the equipment being used to care for a patient at the scene secure and working properly. It is also a critical factor for keeping the operations of an entire hospital or health care facility online.
Keep in mind, too, cyber criminals will try and steal a patient's personal data and financial information (including their bank accounts and savings), as well as their medical identity, in which someone's physical condition could be used to commit insurance fraud or worse. In one case, a New York mother was accused of having recently delivered a baby that tested positive for methamphetamine. Child protective services personnel were working to take away her children because of this accusation. In reality, another woman who had been using drugs had used the mother's stolen medical identity to pay for the birth of her child.
According to a recent article on ems1.com, cybersecurity is about managing risk. To help protect those on the front lines, there are three important practices - also known as the CIA triad - to follow:
- Confidentiality - ensuring only the people who should have access to data do.
- Integrity - ensuring that the data entered into the system is the same when it comes out.
- Availability - making sure that systems are up and running when they are needed.
Here in Indiana, cybersecurity is a high priority in keeping safe more than 24,000 EMS providers throughout the Hoosier state, who represent some 800 agencies, answering more than 2,000 calls per day. As the Cybersecurity Program Director for the State of Indiana, we are grateful for their tireless work and we encourage everyone to join in celebrating EMS Week. For more information, visit the Indiana Department of Homeland Security (IDHS) website at: www.in.gov/dhs/ems/ and for the latest cybersecurity news, resources and trends, go to the Indiana Cybersecurity Hub, and follow us on Twitter and Facebook.
Managing Your Passwords - It's Easier Than You Might Think
Wednesday, May 5, 2021
TODAY IS WORLD PASSWORD DAY!
A recent article on SecurityMagazine.com reported that a Dell Technologies Brain on Tech study found when people were tasked with logging onto a computer (or, presumably, any mobile device) with a long and difficult password, their stress not only increased by 31 percent within (just) five seconds, but it continued to rise even after successfully logging in.
Sounds familiar, right? We've all been there. After all, the average internet user in the U.S. has around 70-80 different passwords. And while each one is supposed to be unique; you might be surprised to know that the most popular password in 2019 was 12345, followed by 123456.
Of course, with more people than ever before working from home and attending school remotely, the necessity of adding strength and a greater measure of complexity to the passwords we create -- for everything from our social media and email accounts to our bank accounts, medical records, and any other sensitive data we want to keep secure -- is, to put it mildly, changing rapidly.
At the same time, you'll be encouraged to know there are a lot more "easier-than-you-think" tips, solutions, and resources available to help you make sense of it all. To get started, there are two things to keep in mind -- you'll want to make passwords that are hard to guess, but easy to remember. And the longer the password, the better -- use at least 16 characters whenever possible.
To make your digital life easier, here are some other key tips to follow, including:
- Never reveal your passwords to others.
- Be sure to use different passwords for different accounts.
- Use multi-factor authentication (MFA). It helps add a layer of protection; learn more about using it on some of the most popular websites.
- Consider using a password manager.
As we celebrate World Password Day, it's a good opportunity to look over the passwords you're using and take some time to do what you can to stay safe whenever you're online (without all of the stress).
Not all Superheroes Wear Suits
Wednesday, April 28, 2021
By Stephen Cox
Not all superheroes wear suits.
A hero to you may be someone's neighbor from down the street, or it may be a firefighter or police officer who you see often in your area. In fact, someone you may not even know is working hard for you right now to keep you and your loved ones safe.
While we know help will come if we call 911, Hoosiers from all walks of life continue to work behind the scenes to protect the state from cyberattacks, volunteering their time and expertise to make Indiana stronger. The members of the Indiana Executive Council on Cybersecurity (IECC) have propelled Indiana to be a leader in cybersecurity, and today -- National Superhero Day -- it seems appropriate we recognize the work of these selfless men and women and how it has contributed to our safety every day.
For the past four years, the IECC has worked to insulate government, businesses, and individuals from cyberattacks by identifying gaps and implementing strategies. And these are not just government employees paid by the state to do the job. The council is comprised of 35 members and more than 250 advisory members who donate their time and energy to support this effort, and in the process protecting you and me.
Since my appointment as Executive Director of the Indiana Department of Homeland Security, I joined many of the IECC members in immersing myself in not only the threat of cyberattacks, but also the safeguards necessary to prevent them from occurring. This is complex work that has required the members to set time aside -- above and beyond their everyday careers -- to work hard, learn quickly, and produce results related to the Indiana Cybersecurity Strategic Plan. It is an impressive level of commitment that has had an enormous impact on our state.
With all this progress made, cybersecurity remains a growing threat to the public and private sector. Our efforts as a state will have to grow alongside this threat. The IECC and its diverse makeup is built for this challenge, and Indiana continues to make cybersecurity a priority across the board. The state has some of the smartest minds and top talent working toward a safer future.
If you were to learn more about the makeup of the IECC, you would see that "behind the masks" are dedicated individuals who are great Hoosiers. I am thankful to have them in our corner.
A "Cyber" Sign of Things to Come
Wednesday, April 21, 2021
Less than two years ago, a New York Times report included a forecast that predicted, by 2021, there would be 3.5 million unfilled cybersecurity positions globally; a statistic that seems especially profound when you consider that the figure was at just one million positions in 2014.
In the midst of this incredible demand, it seems fitting that as we celebrate Autism Awareness Month (also referred to/celebrated as Autism Acceptance Month and World Autism Month), a California-based company announced earlier this month its participation in a program that will help grow its workforce in central Indiana by providing jobs to people with autism and other disabilities.
Ingram Micro Commerce & Lifestyle Services says the e-Stewards ADVANCE+ program will fill these positions at the company's IT Asset Disposition (ITAD) Processing Center in Plainfield. The facility is dedicated to providing services for companies needing to securely dispose of their IT equipment; a task that is particularly important, given the fact that the process requires employees to ensure that all of the data (including all files, personal identifying information, and other proprietary materials) is completely and securely removed from the devices.
In a recent interview, Ryan Roudebush at Ingram Micro said, "where it's been piloted before, the employees with autism have proven to be very adept working in these types of positions." He added, "In fact, one study showed they are 98 percent productive when they're on the clock and the average employee is closer to about 60 percent."
Initiatives such as this are encouraging, too, as they come at a time when the cybersecurity industry is continuing in its efforts to become even more diverse and inclusive in its hiring practices. For its part, Ingram Micro is piloting the program out of its Plainfield location, but says if it all goes well, it will look to expand it to the company's other two Indianapolis facilities and, possibly, to other locations across the U.S.
For more information about related cyber career opportunities in Indiana, you can visit the Indiana Cybersecurity Hub and learn more about becoming a cyber professional. By doing so, we can educate, grow, and help to retain an even greater cybersecurity workforce across Indiana.
Public Safety Telecommunicators Deliver a Resilient Cyber Defense for all Hoosiers
Wednesday, April 14, 2021
By Ed Reuter
As if the urgency of a single 911 call isn't important enough in saving someone's life, imagine being the person at the emergency call center, whose responsibility it is to urgently send help, having to contend with the threat of a cyberattack stopping every call from getting through its system?
Varying in intensity and sophistication, these types of cyber-related incidents that have impacted local 911 centers are adding to the already intense, around-the-clock work performed by the public safety telecommunicators, whose dedication to their jobs makes life easier for all of us. Amid these challenges, it is my pleasure as the executive director of the Indiana Statewide 911 Board to commend their tireless efforts as part of National Public Safety Telecommunicators Week.
All of this comes at a time when the technology we're using to operate our communications systems is advancing ever more rapidly. At the same time, cyber criminals are using tactics ranging from ransomware to business email compromise to steal personal data and/or take over control of the system itself. That's critical, especially when it comes to local government and maintaining a solid infrastructure.
All it takes is one domino to fall and before you know it, the situation can escalate quickly, causing new problems to emerge -- including attacks on our backup systems. That said, there are practical solutions -- that can begin at the workstation of a dispatcher -- to manage these threats and allow a county or local municipality to address their public safety needs every minute of the day, including:
- Adopt/implement clearly defined cybersecurity policies that include regular risk assessments
- Once all the cyber policies/procedures are in place, employees will need regular training to allow them to practice as a way to recognize and stop cyber threats
- Focus on prevention, encourage collaboration and teamwork, and evolve your rules to fit the ever-changing nature of emerging threats
The State of Indiana also offers county and local government emergency managers a range of cybersecurity resources to help improve a cybersecurity plan, as well as measure its effectiveness in the event of a cyberattack. For more information, visit the Indiana Cyber Hub to learn more about the Indiana Cybersecurity Scorecard or the Emergency Manager Cybersecurity Toolkit.
I've often said that our local 911 centers are the heart and soul of our emergency communications systems. Because of that, it's fair to say that every person who serves their community as a public safety telecommunicator possesses within themselves the heartbeat and the pulse to keep the system operating in a way that protects us all. Together with our Chair, State Treasurer Kelly Mitchell and on behalf of our staff and all Hoosiers, we thank our telecommunicators for their dedication and service.
To learn more about this important topic, you are welcome to watch the latest episode of the "Days of Our Cyber Lives" podcast from the Indiana Bond Bank. State Treasurer Kelly Mitchell and I are joined in the conversation by Indiana's Cybersecurity Program Director Chetrice Mosley-Romero and Mark Wuellner, executive director of the Indiana Bond Bank.
The Indiana Department of Revenue Taking Cybersecurity to the Next Level
Wednesday, April 7, 2021
By Bob Grennes
It's April and the individual income tax season is in full swing. As you would guess, it's one of the busiest times of the year for the Indiana Department of Revenue (DOR). During this season, DOR processes approximately 3.5 million tax returns and issues around 2.2 million refunds equaling more than $800 million. You've probably never thought about the volume that comes through DOR's processing systems, and while 3.5 million returns is no small feat, it's just the tip of the iceberg.
Indiana's tax world touches millions of individuals, businesses, corporations and organizations processing over $20 billion and administering 65 tax types. This makes cyber and data security along with ID protection and refund fraud prevention paramount to everything we do.
DOR's cybersecurity team was launched in 2013 and is led by DOR's Chief Information Officer and Chief Information Security Officer. Not only does DOR comply with all IRS requirements, but we have adopted the technical security that the U.S. Department of Defense uses, taking our security to the next level. All of DOR's 700+ employees take extensive security training every year, which includes a large amount of cybersecurity information. Additionally, all vendors and partners connecting with DOR systems or receiving DOR data must comply with our comprehensive security requirements.
Not only is keeping data safe part of our overall mission for the agency, "To serve Indiana by administering tax laws in a fair, secure, and efficient manner," but it's also at the heart of everything we do.
Our extensive ID protection and fraud prevention program that keeps bad actors from stealing hardworking Hoosiers' identities or tax refunds is full of cybersecurity measures. DOR's program utilizes big data, sophisticated system business rules and forensic analytics to identify and stop identity theft and fraudulent tax refund activity. This team meets daily during individual income tax season to update systems to adapt to new fraud schemes and is an active participant in the IRS's Information and Sharing Analysis Center (ISAC) -- an IRS, private industry and state revenue agency partnership in preventing ID theft and refund fraud. This partnership allows for a more robust set of data to help catch fraud before entering our processing system.
In its eighth year of operation, DOR's fraud program has stopped $180 million of tax refund fraud and prevented nearly 95,000 Hoosier identities from being stolen. Last year alone, $28 million in fraud was prevented.
To learn more about DOR's fraud program, be sure to visit our website at: www.in.gov/dor/fraud-prevention/indiana-eliminating-tax-fraud-attempts/.
Celebrate World Backup Day
Wednesday, March 31, 2021
KEEPING YOUR DATA SECURE PROVIDES PROTECTION FOR YOU - AT HOME, WORK & SCHOOL, LAPTOPS, PHONES & MORE
When it comes to making films, Hollywood loves a great prequel.
Whether it's on TV (think "Young Sheldon") or the movies (Star Wars trilogy), there always seems to be something that we discover in a prequel that we didn't expect, simply by going back in time.
Fast forward to today, March 31, 2021. It's World Backup Day -- an opportunity that reminds us all that it's important to back up our files regularly -- at work, at home, or at school, including our laptops, desktops, phones, and other mobile devices.
And while it's true backing up your data is a simple, three-step process, we can all agree that there are two aspects of our daily life -- backing up our data and working from home -- that are a part of the film we've all starred in since the beginning of the pandemic.
That's where the prequel comes in.
Did you know? In 1998, almost a year before the release of "Toy Story 2", an animator, who was intending to do some routine file cleanup, instead, entered a command to the drives where Pixar stored the film's files - deleting 90 percent of the film. True story.
How did they save the film? A supervising technical director, who had been working from home, remembered she had a backup version of the film stored securely on the computer she had been using while working remotely. Sound familiar? Thanks to her protected files, the entire film was restored.
While it's true that technology continues to advance at a rapid pace, there are a great many resources out there to help you organize your files and put it all together in a way that's practical and easy to manage.
There's even a guide from the U.S. Computer Emergency Readiness Team (US-CERT) you can download that features a wide range of backup options. Think of it as a playbook that you can rely on that doesn't read like stereo instructions.
As always, be sure to visit our Indiana Cybersecurity Hub for the latest cyber tips, resources, and news to help all Hoosiers stay safe whenever you're online.
Celebrating World Backup Day will also provide you with a well-scripted plan that'll help keep cyber criminals out of the picture.
Women's History Month - A Time to Support Women in Cybersecurity
Wednesday, March 24, 2021
Indiana ratified the 19th Amendment in 1920, making last year the centennial anniversary of this important milestone in our state's and nation's history. Countless Hoosier women and male allies worked tirelessly during this movement to pave a new path for women in the future.
The celebration doesn't have to end there, as each March is Women's History Month. This annual event highlights the contributions of women in society, which should include the progress women are making in cybersecurity.
Recently, I spoke with the relatively new group, Government Women in Technology. Comprised mostly of women in state government, this group is supporting their fellow colleagues who work in an industry that has historically been a male-led field. In the past year, this group has grown to more than 100 people who work in information technology, cybersecurity, and other computer-related fields. At the same time, this group is lighting a path to encourage the next generation of women to seek a career in technology. These women are reaching out to schools and working with young female students to keep the interest alive in STEM classes.
This kind of interaction can have a lasting impact on our workforce.
The same was true for suffragists who worked for change to get women a spot at the polls. As part of the 100th anniversary of the ratification of the 19th Amendment, I chaired the Indiana Women's Suffrage Centennial Commission, an effort catalyzed by Indiana Humanities.
This partnership between a statewide network of women's and history organizations was such an eye-opening experience. We worked to ensure the important pieces of history are not and will not be forgotten because the suffrage movement demonstrated that ordinary people, when working together, can make an extraordinary impact. The Commission developed and supported programming aimed at unearthing untold or lesser-known stories, as well as those that both educate and preserve the individual and collective legacies of women whose efforts were instrumental in the movement.
Some highlights from 2020 include:
- Jan. 16 Statehouse Celebration - Hundreds of people, from General Assembly members and suffrage commissioners to Girl Scouts, League of Women Voters members, and ordinary citizens, gathered to recognize Indiana's ratification of the 19th Amendment.
- Preserving Women's Legacy Grants - One-time grants allowed Indiana Main Street organizations in Angola, Michigan City, and Peru to discover, preserve and tell stories about the contributions women have made in their communities.
- Suffrage Block Party - In August, the Indiana Historical Society, Indiana State Museum, and others hosted a weeklong, virtual celebration featuring talks and workshops highlighting the work of suffrage scholars, thinkers, and artists around Indiana.
- New Artworks Unveiled at the Statehouse - Two original works of art, a quilt titled "Together" by Indianapolis artist Kassie Woodworth and a painting titled "niNeteenth" by Decatur artist Shelby Nower, were unveiled as part of the state's permanent public art collections.
- New Discoveries - Thanks in part to the Indiana Humanities' May Wright Sewell Fellowships, we learned more about how Indiana women shaped suffrage and politics, including the lives and work of Black Hoosier suffragists and Monroe County and South Bend-area suffragists, and the participation of Black Hoosier women in the 1920 elections immediately following the ratification of the 19th Amendment.
I encourage all Hoosiers to learn more about these activities and more at: IndianaSuffrage100.org.
During Women's History Month, let's not only remember those who committed themselves before us but let's also continue to come together to equip future generations. And, remember, too, the legacy of women leading the way in Indiana is not a new phenomenon, rather it is a part of the fabric of who Hoosiers are.
"Days of Our Cyber Lives" Podcast Highlights How Indiana State Government is Using Cybersecurity to Support Local Governments, Keep Hoosiers Connected
Thursday, March 18, 2021
Got a favorite podcast? We all have one, right?
Did you know? By one recent estimate, on Apple alone, there are more than 1.75 million podcasts out there, with more than 43 million episodes, as of January. That's a lot of popcorn.
Of course, if you're interested in a podcast that offers timely, informative, and helpful FREE information for all Hoosiers; shared in a way that's friendly and easy to understand, we invite you to check out "Days of Our Cyber Lives".
As Indiana's Cybersecurity Program Director, it is my pleasure to participate as a recurring co-host of this podcast series, together with the Indiana Bond Bank and the Office of Indiana State Treasurer Kelly Mitchell.
Offering expert insights and awareness on everyday issues relating to cybersecurity, we talk with our guests about solutions, resources, and ideas for local governments, with information designed to help keep all Hoosiers safe, secure, and connected.
Cybersecurity is an important priority in the state of Indiana, and, because of this, we routinely work closely with local governments who, in turn, provide a wide range of essential services involving everything from emergency management and critical infrastructure to protecting people and businesses as it relates to their personal data and financial information.
Among the guests who've appeared recently on episodes of the podcast are:
Simply click on the link to view the episode.
- Tracy Barnes - State of Indiana Chief Information Officer - discussing issues impacting local government and proposed cybersecurity initiatives in 2021;
- Hemant Jain - State of Indiana Chief Information Officer - relating to the vision and strategies for combating cybersecurity issues;
- Mitchell Parker - IU Health Chief Information Security Officer - How COVID-19 impacts health systems, identifying IT systems and avoiding COVID-19 cyber scams;
We invite you to log on and tune in to "Days of Our Cyber Lives". For all the latest cyber news, tips, and resources, visit our Indiana Cybersecurity Hub, follow us on Twitter and Facebook, and, if you like what you read, subscribe today to our Indiana Cyber Blog!
Helping Patients with Two-Factor Authentication
Monday, March 15, 2021
Perspectives from the Field Series
The strength of Indiana is that we bring together a variety of perspectives from the plethora of areas that touch the field of cyber, especially through the Indiana Executive Council on Cybersecurity (IECC). Hence the name "Perspectives From the Field Series" in which we invite experts to discuss the real and challenging issues we are facing in the field and the proposed solutions from the experts to better the lives and businesses of all Hoosiers.
In the third installment of our series, our focus is centered on "Patient Safety Awareness Week." In recognition of this campaign, Valita Fredland offers her thoughts -- as an experienced information privacy and security professional -- about the importance of protecting a patient's personally identifiable information (PII) and preserving the privacy of their medical records, as mandated by federal law.
Last semester, I was helping my daughter set up a new e-mail account that she could use for her college search process. As an information privacy and security professional, I take such tasks seriously. E-mails are a common way for criminals to steal Personally Identifiable Information (PII) and credentials that can be used to commit other crimes. Therefore, when my daughter and I set up her new e-mail, I selected the two-factor authentication sign-in option. My daughter accused me of being an overzealous privacy professional (true that) and implementing crazy cybersecurity protection that makes it too hard for her to access her account.
In recognition of Patient Safety Awareness Week, I thought I'd share the explanation that I gave to my daughter about why using two-factor authentication for ANY account with PII is not crazy. Patient information is some of the most sensitive PII. With advances in technology, patients have growing control over their digital electronic health records; patients can request digital copies of their medical records from their health care providers; they can store their records themselves, and share the records with others. No matter where patient records are stored, the login access should have two-factor authentication.
Two-factor authentication is a cybersecurity method of verifying that you are who you say you are so that even if your username and password fall into the hands of criminals, they cannot pretend to be you and log in to your accounts. For example, when a patient logs into a patient portal to access a provider's medical records, the patient enters a username and a password to get access, then, as added security, using a second factor, the medical records system would send a temporary code via another method, often via text message, phone call or an e-mail, to the patient which would have to be entered before access to the records is granted. Simple, right?
Even though it is simple to use two-factor authentication like this, only about 10 percent of users set it up for their accounts. Why, might you ask? Well, I think my daughter's complaint is the most common: "it takes too long!" So, we tested it. For most accounts that we tried, this extra authentication factor added no more than 10 seconds when logging in to an account.
While there are certain nuances among two-factor systems that can cause hiccups and frustrations, they are likely less frustrating than having your data stolen or misused. And usually, this important security method is both simple and easy.
So, here's to you, and all of us who are patients! To celebrate Patient Safety Awareness Week, companies responsible for the privacy and security of sensitive PII, such as patient information, should make two-factor authentication available for their systems, and patients and other users of accounts with sensitive PII should turn on two-factor authentication. It's not crazy!
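The login flow described in this post (a username and password, then a temporary code delivered over a second channel), sketched as an added example that is not part of the original post or any real patient portal's code. The class name, the in-memory outbox standing in for the text-message or e-mail channel, and the five-minute lifetime and five-guess limit are assumptions.

```python
"""Two-step login: password first, then a short-lived one-time code."""
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumed lifetime of a temporary code
MAX_ATTEMPTS = 5         # assumed number of guesses allowed per issued code


def hash_password(password: str, salt: bytes) -> bytes:
    # Iteration count is a constructed setting for this example.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class PortalLogin:
    """Hypothetical portal back end that keeps all state in memory."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.users = {}     # username -> (salt, password hash)
        self.pending = {}   # username -> record of the outstanding code
        self.outbox = []    # stand-in for the text-message / e-mail channel

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, hash_password(password, salt))

    def start_login(self, username, password):
        """Factor 1: check the password; on success send a temporary code."""
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(hash_password(password, salt), stored):
            return False
        code = f"{secrets.randbelow(10**6):06d}"   # six random digits
        key = secrets.token_bytes(32)
        self.pending[username] = {
            # Keep only a keyed digest, so the stored record does not
            # contain the code itself.
            "key": key,
            "mac": hmac.new(key, code.encode(), hashlib.sha256).digest(),
            "expires": self.clock() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        self.outbox.append((username, code))       # "send" out of band
        return True

    def finish_login(self, username, submitted):
        """Factor 2: accept the code once, within its lifetime."""
        rec = self.pending.get(username)
        if rec is None:
            return "no_code"
        if self.clock() > rec["expires"]:
            del self.pending[username]
            return "expired"
        rec["attempts"] += 1
        if rec["attempts"] > MAX_ATTEMPTS:
            del self.pending[username]             # stop unlimited guessing
            return "locked"
        mac = hmac.new(rec["key"], submitted.encode(), hashlib.sha256).digest()
        if hmac.compare_digest(mac, rec["mac"]):   # constant-time comparison
            del self.pending[username]             # a code works only once
            return "granted"
        return "wrong_code"
```

A stolen password alone gets an attacker no further than `start_login`; without the code from the second channel, `finish_login` never returns `"granted"`.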
Local Governments Rely on Preparation, Knowledge to Reinforce Cyber Readiness
Wednesday, March 10, 2021
Prior to serving as Indiana's State Treasurer, I spent seven years as a county commissioner. In most counties, the commissioners serve as the county executive, so I was given a front-row seat to the complex processes of local government. That experience has proven tremendously informative in my current role, as I often work directly with local government units. From the financial programs of the Indiana Bond Bank to the broad resources of the Statewide 911 Board, I am in frequent communication with county and city personnel.
We've heard a lot about cybersecurity in the past few years, but much of the conversation has taken place at the state and federal levels. What many people don't realize is that local governments are among the most vulnerable to cyberattacks and, until recently, hadn't taken steps to protect themselves. In a 2020 survey of local government IT executives by the Public Technology Institute, 54 percent said their elected officials were only somewhat engaged with cybersecurity efforts, and 23 percent said their elected officials were not engaged at all. Furthermore, two-thirds of IT executives reported their cybersecurity budget was inadequate.
It may be tempting to assume that this only happens in other places, especially local governments serving large, urban populations, but that isn't the case. Just last year, Lawrence County was hit by an attack that took most county systems offline for days. In 2019, LaPorte County was forced to pay a large ransom after a ransomware attack devastated their systems. Cybercrime can, and does, happen in our own backyard.
We can work to fight this trend by arming ourselves with two weapons: preparation and knowledge. Thankfully, many counties have seen the trends in cybersecurity and are working diligently to protect themselves. In fact, 82 percent of IT executives reported their local government has a cybersecurity plan or strategy in place. Once a cyberattack has hit, it's too late.
Knowledge is an important weapon in our fight against cybercrime. Regular training for all government employees is a must. A workplace is only as protected as its most vulnerable link. The Indiana Cybersecurity Hub features a wide range of helpful resources that include educational components, best practices, and emergency preparedness. I encourage you to visit the Hub to learn how you can better protect yourself.
My office partners with the Indiana Bond Bank to host a podcast, Days of Our Cyber Lives, which was created to bring awareness to issues relating to cybersecurity and to provide solutions and ideas for local governments. These episodes are packed with helpful information, and are a lot of fun, too!
The pursuit of cybersecurity is a race without a finish line. It requires constant education, vigilance, and time. Working together, we can continue to move the needle on this issue, and my office will continue to uncover new solutions for local governments.
Exposure Creates Perspective
Wednesday, March 3, 2021
PERSPECTIVES FROM THE FIELD SERIES
In the second installment of our Series, we celebrate National Women's History Month, commemorating and encouraging the study, observance, and celebration of the vital role of women in American history, and honoring the many contributions made by women to history, culture, and society.
As part of our celebration, Tasha Phelps provides her real-world perspective as an accomplished entrepreneur. She discusses the disparities facing women and minorities in cyber and IT, while, at the same time, offering a different point of view to consider when bringing about greater opportunities for women in workplace development and helping them account for significantly more of the 31,000 jobs that are expected by 2029.
By Tasha Phelps
The journey to entrepreneurship was (and still can be) a difficult challenge. Sometimes the road is smooth; sometimes the road has twists and turns; sometimes the road is an uphill battle! As a black, female, entrepreneur in technology for more than 20 years, I have many stories that I could share that would likely raise eyebrows or even turn smiles upside down, but would, undoubtedly, spark some conversations.
When I started my company in the late '90s, I started as a simple web developer, and "technology" looked nothing like what it looks like today. Everyone needed what I was selling at the time because web development was such a fairly new phenomenon for business. I didn't realize it, but I was on the cusp of a new industry that would totally change the way we communicate and secure information.
Though certified as a Minority Woman-Owned Business (MWBE) and being in technology (it wasn't called "IT" at the time), I typically felt like the outsider in a room, because I was often the only female. I listened to listen, absorb, and respond, but it wasn't until I was asked to speak at the ITEC 2008 Conference here in Indianapolis, that my voice was actually heard. I spoke on Business Continuity and the use of technology to sustain operations -- a conversation about cybersecurity that was just beginning to hit mainstream Corporate America.
Women in technology are out there -- no question, but women in CYBERSECURITY are few and far between. To that point, many organizations and initiatives in Indiana have formed to specifically feature women and offer them an opportunity to convene and discuss ways to grow and increase their visibility:
- Women & Hi-Tech, established in 1999, is an organization that works to recognize women in STEM (Science, Technology, Engineering & Math) fields for their efforts and influence.
- Indy Women In Tech is an organization designed to inspire women and girls (of all ages) to pursue careers in STEM industries.
One component that hasn't expanded as vastly or as quickly is the diversity of the women involved. The opportunities and the attention that many have given to inspire young girls to explore careers in STEM exist, but haven't been abundantly successful. In fact, one of the opinion contributors at USA Today published an article suggesting why this is so.
Now that we've been exposed to the numbers and recognize the disparity in women/minority women in cybersecurity (or just technology in general), let's look at this from a different perspective. What can Hoosiers do (men and women) to inspire and encourage young girls to consider STEM careers? Here are a few suggestions:
- Become a role model
- Volunteer in organizations that specifically target this issue
- Share your own story
- Help minimize the fear of the industry
- Get involved
The disparity of women and minorities in cybersecurity/technology is not insurmountable, and while business and industry begin to address Diversity and Inclusion across the board, those of us in IT can be intentional about addressing the disparities, specifically in technology.
The Lack of Diversity in Cybersecurity
Thursday, February 25, 2021
Perspective From The Field Series
In the final blog installment celebrating #BlackHistoryMonth, we wanted to ask a valued member of the IECC and partner, Linda Calvin, who is the Vice President of the School of Information Technology at Ivy Tech, to talk frankly about where we are now with developing a workforce in cybersecurity to include African Americans, especially as the need for cyber professionals continues to grow.
By Linda Calvin
With the proliferation of the Internet of Things (IoT), now we have bad actors who want to hack into your smart homes, your smart devices, and even your cars. The Bureau of Labor Statistics states that information security analyst jobs are expected to grow 18 percent through 2024. Huge demand for cyber! However, the numbers of African Americans in cyber aren't improving. Why?
Linda Calvin's List of Whys
#1. What the heck is cybersecurity? Unless you live and breathe tech, cybersecurity seems like something out of a Tom Clancy novel or a Jason Bourne movie. Put simply: cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. With COVID, I saw more messages about how I needed to renew my Netflix subscription than I could count. I didn't have one in my name! A cyber professional identifies these phishing attempts and designs solutions to protect data. We need to make cybersecurity relatable and map it to passion and interest, then we can attract more talent of all genders and races.
#2. It's too technical. Attempts have been made to demystify cybersecurity by classifying it as non-technical. That's not the right approach. It's technical -- you have to understand the foundation of coding, but you don't have to be a Jedi codesmasher to enter the field of cybersecurity. You need to understand how to unpack a problem, have a robust intellectual curiosity with a desire to learn, logical thinking, and troubleshooting skills.
At Ivy Tech, in our nationally-recognized and accredited cyber program, we spend time helping students understand the basics before we dive into the advanced topics. And, sure, students are exposed to coding. But it's more about understanding those minefields hackers are creating for you than it is about you writing hundreds or thousands of lines of code.
#3. When you can see us, you can be us. We need to see more black cybersecurity role models. We do exist. There are organizations such as Blacks in Cybersecurity, the International Consortium of Minority Cybersecurity Professionals, influential black cybersecurity leaders, the Black Cybersecurity Association, and Women in Cybersecurity. We need more black leaders to be visible and we need cyber leaders to mentor and tell stories of why cybersecurity is important.
#4. The Song Remains the Same - Bias and Racism. The disparity in the lack of black or African American men and women in cyber can be attributed to the disparity in tech overall -- bias in hiring and racism. The tech industry, as a whole, has a poor report card on ethnic diversity. We address this by applying intentional analysis into hiring practices and deconstructing the false narratives that black people are not technical enough or have the requisite subject matter expertise to lead or work in cyber. It's a big challenge, but not insurmountable if we get tech leaders to root out bias in their organizations.
Why is it important to have more African American representation?
Diversity fuels innovation and studies prove this out. However, what we also know is that to build an application or design a process that serves a diverse audience, you must have diversity at the table. If we have homogenous voices designing security solutions, will those solutions ultimately encompass people of color, people of different socioeconomic statuses? It's critical that we get black adults and youth excited about cybersecurity and cyber hygiene! It's essential that we expose youth to cybersecurity in elementary school and middle school as they adopt more technology. To protect the workforce, we must reflect the workforce.
Career Experiences, Mentoring: Creating Opportunities in Cyber, Celebrating Black History Month
Wednesday, February 24, 2021
When it comes to parties or parades, there's always a theme. It gives us a reason to celebrate.
And while it's true that the cybersecurity world isn't likely to get together anytime soon to host a parade or have a party on any sort of scale that draws a crowd, there is a theme to the activity we're seeing right now, in virtually every corner of the cyber world.
In a word, it's opportunity.
In everything from the advancements we see in technology to the progress that's made involving safer Internet protocols, especially as it involves protecting children and young adults, we see opportunity. The same is true with careers in cybersecurity and how many jobs are predicted to be created in the years to come. With it comes the opportunity for mentoring and guiding young people to a more promising future.
Of course, as new opportunities emerge, it's because people have achieved success and, in some cases, are the first to do something that's never been done. In doing so, they made the most of their opportunities, even if it meant they did so while, at the same time, overcoming adversity.
In celebration of Black History Month, we noted in our most recent blog -- featuring Indiana State CIO Tracy Barnes' interview with Linda Cureton, known for her accomplishments as the first African American CIO at NASA -- the number of cybersecurity jobs is expected to rise as much as 31 percent through 2029.
Amid that promising forecast, Cureton shared her belief that the key to attracting people in any field is the desire that folks have for the community and seeing people like themselves. In offering her perspective, she pointed out the fact that "when you are the first, you don't have the benefit -- but you can give that benefit to others".
Following on Cureton's story, we are pleased to share with you -- and honor -- the careers and achievements of three African Americans, whose knowledge, reputations, and leadership in cybersecurity and IT are admired and highly respected, along with the tireless work and contributions they've made (and continue to make) in supporting humanitarian issues worldwide.
Those whose stories we are pleased to share with you include:
Veda T. Woods - Humanitarian & Global Cybersecurity Executive -- Veda Woods' strategic leadership spans over 22+ years of combined public and private sector experience in cybersecurity, data governance, cyber risk management, and threat/intelligence oversight. Her focus on policies and decision-making processes is centered on protecting and respecting human rights by design. As Founder/CEO of the Protect Us Kids Foundation, Woods leads an organization, whose mission is to provide youth with critical, life-saving tools for navigating cyberspace safely without falling victim to Internet predators.
Devon Bryan - Managing Director and CISO of MUFG Union Bank & Co-Founder - International Consortium of Minority Cybersecurity Professionals -- With a cybersecurity career that began as an officer in the U.S. Air Force (USAF) coordinating counter-information operations and designing security strategies, Bryan's vast senior executive management experience includes his work at the IRS, Federal Reserve System, ADP, and KPMG, before becoming Managing Director and CISO at MUFG Union Bank, one of the world's leading financial groups. Dedicated to giving back, Devon is the Co-Founder of the International Consortium of Minority Cybersecurity Professionals (ICMCP), a 501(c)3 non-profit organization dedicated to increasing the number of minority students (including women and major under-represented groups) pursuing graduate and post-graduate educational degrees in cybersecurity by funding scholarship opportunities.
Renee Forney - Senior Director - Azure Hardware Systems & Infrastructure Security at Microsoft -- Following on her work as an executive in the private sector, Renee worked for the U.S. Department of Homeland Security and served as the Deputy CIO of Cybersecurity and Enterprise Operations at the U.S. Department of Energy. More recently, she worked as the Senior Director of Cyber Assurance at Capital One. Recognized for her noteworthy accomplishments in the betterment of online security and data privacy, she has forged meaningful partnerships with public and private institutions to educate youth about online safety, security, and privacy.
One of the foundations of Black History Month is celebrating the achievements of African Americans. And while it's true that these are but three inspiring stories, their noteworthy accomplishments are vividly illustrated in the hard work of all cyber professionals of color.
TOMORROW: Be sure to visit our blog for the 3rd part in our series celebrating Black History Month, as Linda Calvin representing Ivy Tech Community College shares her experience as an African American woman, who is a leader in cybersecurity workforce development, what we are doing as an education industry, and her involvement in making a path to a career in cybersecurity more available to African Americans, women, and other minority groups.