CISA, FBI Reminds Critical Infrastructure to Maintain Strong Cyber Posture During Holiday Season

As Americans prepare to hit the highways and airports this Thanksgiving holiday, CISA and the Federal Bureau of Investigation (FBI) are reminding critical infrastructure partners that malicious cyber actors aren’t making the same holiday plans as you. Recent history tells us that this could be a time when these persistent cyber actors halfway across the world are looking for ways—big and small—to disrupt the critical networks and systems belonging to organizations, businesses, and critical infrastructure.

There are actions that executives, leaders, and workers in any organization can take proactively to protect themselves against cyberattacks, including possible ransomware attacks, during the upcoming holiday season—a time during which offices are often closed, and employees are home with their friends and families. Although neither CISA nor the FBI currently have identified any specific threats, recent 2021 trends show malicious cyber actors launching serious and impactful ransomware attacks during holidays and weekends, including Independence Day and Mother’s Day weekends.

CISA and the FBI strongly urge all entities–especially critical infrastructure partners–to examine their current cybersecurity posture and implement best practices and mitigations to manage the risk posed by cyber threats. Specifically, CISA and the FBI urge users and organizations to take the following actions to protect themselves from becoming the next victim:

• Identify IT security employees for weekends and holidays who would be available to surge during these times in the event of an incident or ransomware attack.
• Implement multi-factor authentication for remote access and administrative accounts.
• Mandate strong passwords and ensure they are not reused across multiple accounts.
• If you use remote desktop protocol (RDP) or any other potentially risky service, ensure it is secure and monitored.
• Remind employees not to click on suspicious links, and conduct exercises to raise awareness.

Additionally, CISA and the FBI recommend maintaining vigilance against the multiple techniques cybercriminals use to gain access to networks, including:

• Phishing scams, such as unsolicited emails posing as charitable organizations.
• Fraudulent sites spoofing reputable businesses—it is possible malicious actors will target sites often visited by users doing their holiday shopping online.
• Unencrypted financial transactions.

Finally—to reduce the risk of severe business/functional degradation should your organization fall victim to a ransomware attack—review and, if needed, update your incident response and communication plans. These plans should list actions to take—and contacts to reach out to—should your organization be impacted by a ransomware incident. Note: for assistance, review available incident response guidance, such as the Ransomware Response Checklist in the CISA-MS-ISAC Joint Ransomware Guide, the Public Power Cyber Incident Response Playbook, and the new Federal Government Cybersecurity Incident and Vulnerability Response Playbooks.

CISA and the FBI urge users and organizations to take these actions immediately to protect themselves against this threat. For a comprehensive overview, see the joint Cybersecurity Advisory Ransomware Awareness for Holidays and Weekends. For more information and resources on protecting against and responding to ransomware, visit StopRansomware.gov, a centralized, whole-of-government webpage providing ransomware resources and alerts.

NEW REPORT AFFIRMS "STATE OF CYBER" IN INDIANA

By Chetrice Mosley-Romero

Just as an architect uses a blueprint as the foundation for a skyscraper or a school, Governor Eric Holcomb, on January 9, 2017, affixed his signature to a three-page document – Executive Order 17-11 – providing the groundwork for the Indiana Executive Council on Cybersecurity (IECC) to continue its work and implement a cybersecurity program for all Hoosiers.

In less than five years, the IECC’s achievement is defined by what it is today; a government council unlike any organization of its kind in the nation, both in terms of its first-of-its kind strategic approach and the unprecedented achievements, as defined in the State of Cyber Report (2017-2021). The results of the work completed by the Council’s 20 committees and working groups are included in the report in an easy-to-read format that spells out exactly what’s been accomplished from September 2018 to October 2021.

As the Cybersecurity Program Director of the State of Indiana, I am especially proud of the Council, the progress it has achieved and what it represents for all Hoosiers. In particular, it is our academic, military, private and public partners whose contributions have firmly positioned Indiana as a leading state in cybersecurity.

Divided into two distinct parts, the 50-page document reveals the history and the direct success of the IECC since its relaunch in 2017. More than 350 members were responsible for the research, planning, implementing, and evaluating the 2018 Indiana Cybersecurity Strategic Plan; the results of which are represented in the report.

• The Council completed 78 percent of its 69 deliverables and 77 percent of the 120 objectives.
• The membership – comprised of a cross-sector group of subject matter experts – donated hundreds of hours and millions of dollars in services and resources to Hoosier individuals, governments, and businesses.
• All of the deliverables are spelled out in the report in an easy-to-ready format that accounts for all the progress made by the Council from 2018 to 2021.

The second part is a collection of the many amazing cybersecurity programs and initiatives that are going on throughout Indiana. It is a sampling of the projects, but it highlights how important cyber is, as a part of our everyday life, and the significance it holds as a priority here in Indiana. There is a little bit of everything in cyber occurring throughout the Hoosier state – from what’s going on in our colleges and universities to public and private sectors and industry trade associations and organizations.

Additionally, the report highlights other resources that have been developed over the past four years, including our Cyber Hub website that includes a blog, as well as a list of the most-visited pages on our site and some of the most popular, free cyber resources, such as our Indiana Scorecard and Emergency Manager Cybersecurity Toolkit.

You are invited to download the State of Cyber Report (2017-2021). To learn more about the Council, visit: www.in.gov/cybersecurity/executive-council.

Of course, not unlike the architect, whose projects often include new additions to a building or a school that adds space to serve more students, the Council is continuing in its charter to build on the foundation it created to provide an even stronger cyber posture for all of Indiana.

Recognize Cybersecurity Awareness Month by Helping Your School Defend Against Cyber Threats

Each October, Cybersecurity Awareness Month raises awareness about the importance of cybersecurity across our Nation, ensuring that all Americans have the resources they need to be safer and more secure online. The initiative’s theme of “Do Your Part. #BeCyberSmart” encourages individuals and organizations to own their role in protecting their part of cyberspace, stressing personal accountability and the importance of taking proactive steps to enhance cybersecurity.

Our growing dependence on technology systems - coupled with emerging, evolving, and increasingly deceptive cyber threats - demands enhanced awareness and vigilance when it comes to our online world. It is especially important for schools, parents, and students to stay safe online by defending against risks and strengthening cyber safety and security both at home and within schools.

Helpful tips for improving cybersecurity in your school’s community include:

1. Double your login protection. Enable multi-factor authentication for all accounts and devices to ensure that the only person who has access to your account is you.
2. Shake up your password protocol. Consider using the longest password or passphrase permissible. Get creative and customize your standard password for different sites, which can prevent cyber criminals from gaining access to these accounts and protect your and your school’s accounts in the event of a breach.
3. Update security software. Whether you’re using a school’s computer, smartphone, or other device, the best defense against viruses and malware is to update to the latest security software, web browser, and operating systems.
4. Play hard to get with strangers. Cyber criminals use phishing tactics, hoping to fool their victims. If you’re unsure who an email is from – even if the details appear accurate – or if the email looks ‘phishy,’ do not respond and do not click on any links or attachments found in that email.

In addition, bookmark these key cybersecurity resources to keep your students and schools safe online:

General Resources and Websites

• Stop.Think.Connect. Parent and Educator Resources: This webpage outlines essential resources and materials for parents and educators to help start the discussion about cyber safety and cybersecurity with children and students. Find information about safe social media practices, what it means to “be online,” how to become a good digital parent, and more.
• Be Cyber Smart: This campaign is designed to inspire the younger generation of Americans to take responsibility for their own cyber safety. Learn about cybersecurity basics, common scams, and how to report cybersecurity incidents.
• StopRansomware.gov: This website is a one-stop resource where public and private sector entities can find U.S. government tools, information, and resources to help reduce the risk of ransomware attacks and improve resilience. The site includes a specific K-12 resource section, which includes information geared towards IT staff, students, parents, and administrators.
• Keeping Children Safe Online: This website offers guidance for teachers, parents, guardians, and caregivers on protecting children from becoming victims of online exploitation.

Fact Sheets, Videos, and Tip Cards

• Cyber Threats to K-12 Remote Learning Education: This fact sheet is a primer for non-technical educational professionals, and includes general cybersecurity best practices, video-conferencing best practices, and a list of available resources.
• Cyber Safety Considerations for K-12 Schools and School Districts: This fact sheet provides information to students, teachers, and administrators on identifying cyber threats, educating students on responsible online behavior, and learning how to prevent, prepare for, and respond to a potential cybersecurity incident.
• Cyber Safety Video Series: This series of short videos – centered around themes such as social media safety, ransomware, phishing, and making strong passwords – outlines tips and best practices to help schools, students, and educators stay safe online.

Visit SchoolSafety.gov to access additional cybersecurity resources and guidance and follow @SchoolSafetyGov on Twitter for other timely school safety updates.

SchoolSafety.gov Disclaimer  ​​​​​​
The U.S. Department of Homeland Security (DHS), U.S. Department of Education (ED), U.S. Department of Justice (DOJ), and U.S. Department of Health and Human Services (HHS) do not endorse any individual, enterprise, product, or service. DHS, ED, DOJ, and HHS do not mandate or prescribe practices, models, or other activities described in this communication. DHS, ED, DOJ, and HHS do not control or guarantee the accuracy, relevance, timeliness, or completeness of any information outside of those respective Departments, and the opinions expressed in any of these materials do not necessarily reflect the positions or policies of DHS, ED, DOJ, and HHS.

Governor Holcomb Designates October as "Cybersecurity Awareness Month"

By Chetrice Mosley-Romero

Following on the proclamation by Indiana Governor Eric Holcomb designating the month of October as “Cybersecurity Awareness Month”, Indiana is continuing in its cyber readiness to keep all Hoosiers safe and secure and protect our critical infrastructure that’s essential to everyday life.

The progress comes at a critical time, as the severity and frequency of a cyberattack includes not only data breaches and is crossing over to sophisticated attack on the physical operations of water utilities, hospitals, schools, and local governments.

In addition to the best practices, tips, and resources available on the Indiana Cybersecurity Hub website, the State of Indiana is staying at the forefront of being prepared with the Emergency Manager Cybersecurity Toolkit; a free, downloadable “playbook” designed to help take out some of the complexities related to cyber and provide an invaluable resource with the tools to help people stay protected. It is a complete guide to help with planning in the event of a cyberattack.

Developed by the Indiana Executive Council on Cybersecurity (IECC), the Toolkit is organized into four main sections, including:

• A surveyto assist emergency managers in working with their partners to develop emergency and continuity of operations plans;
• Cybersecurity incident response plan template;
• Training and exercise guide; and
• Additional resources to help deal with new and pervasive threats.

For office managers, executives and IT managers – interested in getting an initial understanding of an organization’s cybersecurity posture – can use another cyber resource known as the Indiana Cybersecurity Scorecard; it is a free download and takes less than 20 minutes to complete to start a conversation about cybersecurity within an organization.

Cybersecurity Awareness Month is designed to raise awareness about the importance of cybersecurity across Indiana and the country to help make sure everyone is able to stay safe online. This year’s theme is “DoYourPart. #BeCyberSmart” and encourages individuals and organizations to be proactive in protecting their part of cyberspace. For more information, visit the Indiana Cyber Hub, or on social media at Twitter and Facebook.

Indiana's Cyber Readiness Advancing Rapidly

By Chetrice Mosley-Romero

“Winning isn’t everything it’s the only thing”. – Vince Lombardi

“You play to win the game” – Herm Edwards

If you think about it, protecting a school, hospital, or a city’s water supply from a cyberattack is a lot like a football coach drawing up a game plan for playing against the #1 team in the country – every day.

There’s game film, playbooks and you always have to account for how you’re going to stop the other team’s best player from scoring; all the while trying to figure out what else the coach might have up his sleeve. And there’s no halftime show to try and adjust to stage a comeback.

That’s the challenge facing the State of Indiana in its efforts to continue rapidly moving forward in its mission to further strengthen its cybersecurity resiliency and response.

The progress that’s been achieved comes as the State of Indiana and the Indiana National Guard recently hosted two cyber exercises in a partnership with several federal agencies, health care providers, and technology companies, water utility service providers, state, and local government officials, as well as state and federal emergency and law enforcement agencies.

“Conducting these exercises highlights the strength of the cybersecurity structure that exists within the state and underscores the work that’s been accomplished over the past three years by Indiana Governor Holcomb’s Executive Council on Cybersecurity with our partners in the military, academic, public and private sectors,” said Indiana Department of Homeland Security Executive Director Stephen Cox. “Most importantly, it represents the progress with cyber that’s been achieved on behalf of all Hoosiers when we approach cybersecurity as something that is not solved by one entity alone, but by everyone at all corners of the state.”

Having a playbook is especially crucial, given the fact there are not only a seemingly endless number of situations in which a cyberattack or incident can occur, but there are all kinds of circumstances and variables that can interfere with a cyber team’s strategy for protecting its systems.

When Water Runs Out…

A water utility being attacked is not only scary to every city in America, but the reality of it also happening is real.

The Cybersecurity and Infrastructure Security Agency (CISA) has partnered with the State of Indiana and the City of Fort Wayne to exercise how state, federal, mutual aid, and local government would work together in a long-term cyberattack that eliminates the supply of water from the city, with a special emphasis on the secondary effects for the city’s hospitals.

As the Cybersecurity Program Director for the State of Indiana, there’s no question cybersecurity impacts every aspect of our daily lives. As we’ve seen with recent cyber incidents – everything from pipelines to water utilities to schools and hospitals – a cyberattack can create substantial effects and damage to our community and our critical infrastructure, disrupting our daily lives and safety.

When Natural Disasters Hit…

Following the completion of the tabletop exercise, a second cyber exercise as part of a full-scale functional exercise hosted by the Indiana National Guard for first responders and several military branches as well as search and rescue teams at the Muscatatuck Urban Training Center.

The grounds of the 1,000-acre facility, located in Southern Indiana, is a real city that includes a built-in physical infrastructure, a well-integrated cyber-physical environment, an electromagnetic effects system and human elements. There are more than 190 brick-and-mortar structures with roughly 1.5 million square feet under roof, 1.8 miles of subterranean tunnels, a cave complex, more than nine miles of roads, managed airspace, a 185-acre reservoir, and a cyber live-fire range.

The focus of the Indiana National Guard exercise centered on measuring how federal, state, local and private sectors respond to a devastating earthquake.

“We really need to prepare now for these acts which we’ve already seen here in Indiana and across the world,” said Ron Pelletier, founder and chief customer officer at Pondurance, a cyber security company.  “When natural disasters hit all parts of the world, we are seeing more and more targeted cyberattacks in those affected areas. Investing now in preventative measures is the best way to avoid situations like that from becoming worse. It comes down to planning to avoid cyber breaches but being prepared to respond.”

As emergency and military teams respond to the effects of the earthquake, the Indiana National Guard also tested the additional response of its incident command leadership while the cyber experts from IU Health, Citizens Energy Group, and Pondurance made the efforts more difficult by attacking the water supply in the aftermath.

It’s Not “If” But “When”...

Pelletier added that Pondurance hopes disaster drills, such as these two, will raise awareness among policy makers to help fund security programs and protocols. “National, state, and community security is truly at risk here, and we need to take action now to preserve it. Waiting for the dam to burst before you repair it is a terrible maintenance strategy, and that’s exactly the situation we have here across power grids, water supplies, healthcare, you name it.”

Having the ability to draw on the resources and expertise required at a moment’s notice to keep people safe in the event of a cyber incident or attack relies on making certain that the state and its partners have a line of communications that’s always open to make sure the State of Indiana provides a response that’s most effective, regardless of the circumstances.

Many of those who are participated in both state exercises also serve on the Indiana Executive Council on Cybersecurity (IECC). As defined in Executive Order 17-11 from Indiana Governor Eric Holcomb, the IECC is a first-of-its-kind collaboration, whose work as an organization within state government, is responsible for guiding the state’s cybersecurity policy, It is comprised of 35 Council members and 250 advisory members, all of whom are subject matter experts represent a wide range of businesses, industries and professions, including education, finance, utilities and insurance, among many others.

The State of Indiana and its partners offer best practices, guides, toolkits, and resources to allow all organizations and critical infrastructures to mitigate, but also prepare for a cyberattack. For more information about the IECC or the State of Indiana’s Cyber Strategy, visit www.in.gov/cyber.

For more information about CISA’s cybersecurity services and resources, visit www.cisa.gov.

Cyberbullying: It's Not Just the Kids

By Chetrice Mosley-Romero

If you’ve ever been around someone, whose solution for solving a problem, is, simply, to blame it on “the kids” and act as though it’s a problem that doesn’t affect adults, you’ve just described some of the challenges that exist in dealing with cyberbullying.

Living in a digital age, as we do, technology enables us to do a lot of things online that makes our lives easier, as well as safer and more secure. Unfortunately, as we know, cyberbullying is something that’s made its way from the school playground or, for adults, while working at a job or as part of their personal life to (and from) anywhere in the world.

Cyberbullying is defined as “an act of harassing or causing harm to someone using a digital device (cell phone, computer, tablet, mobile device, etc.) to send, post, or share negative, harmful, false, or demeaning content about someone else”. It occurs through SMS, text messaging, and apps, or online in social media, chat rooms/forums and emails. It also takes place in online video gaming where people can view, participate in, or share content. It also includes sharing personal or private information about someone else to embarrass or humiliate them or damage their reputation. At its worst, cyberbullying crosses the line into unlawful or criminal behavior.

Often times, when we hear about cyberbullying, it involves children, teenagers, and young adults. A lot of that may not come as a surprise, given the fact that 95 percent of teens in the U.S. are online and 60 percent of young people say they’ve witnessed online bullying.

That being said, it’s not just the kids.

In a study entitled “How Common Is Cyberbullying Among Adults? Exploring Gender, Ethnic, and Age Differences in the Prevalence of Cyberbullying,” research showed that almost 15 percent of the participants had ever been a target of cyberbullying before, with 2.2 percent reporting such experiences within the past month. Young adults (18-25 years) experienced the highest levels of cyberbullying (during both the lifetime and past month time frames), but substantial lifetime cyberbullying was reported by older age groups as well, including those 26-35 years (24 percent) and 46-55 years (13 percent), up to the 66+ age group (6.5 percent).

What’s the Solution?

Fortunately, there’s a lot of good information available from a variety of trusted resources – with just a few clicks – to help you deal with cyberbullying, including:

• HealthyChildren.org – Powered by the American Academy of Pediatrics, it’s a website for parents and families, whose mission is centered on the physical, mental, and social health and well-being for all infants, children, adolescents, and young adults.
• Security.org – Includes the latest facts about cyberbullying, including a video to help parents, and more.

• Federal Trade Commission – https://www.consumer.ftc.gov/articles/0028-cyberbullying
• StopBullying.gov – https://www.stopbullying.gov/
• Teacher.org – http://www.teacher.org/resource/bullying/

There’s also help out there for adults. For the same reasons that we’ve become more dependent on technology, it can be even more complicated, adults can be far more adept at hiding their online identity. As we get older, there are many ways to be bullied, including such as doxing, and swatting that can lead to dangerous situations and profoundly impact someone’s mental health.

For more information about staying safe online, visit the Indiana Cybersecurity Hub website. There’s all kinds of helpful tips for parents and what you can do when dealing with cyberbullies.

Just as the song says, R-E-S-P-E-C-T is something we all can do, as kids and adults!

Cybersecurity for Education Toolkit - A Great Online Guide for Indiana's School Communities

By Chetrice Mosley Romero

Whether you’re in Cannelton, Crown Point, or Carmel, cybersecurity is the link that helps our school communities – across Indiana – continue to be strong and protected while staying connected.

At a time where we’re spending, some days, as much time being together virtually, as we do – in person – with one another, cyber is a tool that’s crucial for helping to educate our children and young adults. And regardless of the important role you play, the Cybersecurity for Education Toolkit is a FREE, turnkey resource; saving you precious time as you focus on the rapidly increasing challenges that are taking place in education as another school year gets underway. It is for everyone, including:

• Superintendents and school board members
• Teachers, staff, and administrators
• Students of all ages and their families
• Every person who lives in a school community

Created in 2020 by the Indiana Executive Council on Cybersecurity (IECC) and the Indiana Department of Education (DOE), the Toolkit is an easy-to-understand resource, complete with tips and helpful information to make sure everyone in education is cybersafe and practicing good habits that will help:

• Students protect their identity and schoolwork
• Teachers and staff manage their lesson plans while keeping safe their student’s data, including their grades and assignments
• Administrators protect their students and keep their facilities secure
• Members of the public can engage and communicate with schools and educators

It’s National Online Learning Day and the guide is easy to use to take advantage of all the articles, images, tips, resources, and social media posts, as needed. In addition, we invite you to visit the Indiana Cybersecurity Hub website. There you’ll find even more materials – updated regularly – that will help you with everything from tips on maintaining good cyber hygiene to the steps you should take if you are the victim of a cybercrime.

There’s also lots of cyber-related information for teachers and students, including resources and programs for pursuing a career in cybersecurity. Soon, we’ll be updating the Toolkit with even more of the latest materials and resources to help everyone in your school community keep pace with today’s ever-changing cyber world.

PREPARED TO PROTECT IN A CYBER DISASTER

By Chetrice Mosley-Romero

September is National Preparedness Month and this year’s theme is “Prepare to Protect. Preparing for disasters is protecting everyone you love”.

If you think about it, even for a minute, it’s a lot to take in. And, as we’ve discovered that disasters, sadly, come in all too many forms.

If you’re a part of an emergency management agency (EMA) – regardless of the size of the community you serve -- you already know that everyone, it seems, is counting on you to do it all; everything from prevention, protection, mitigation, response, and recovery, whether it’s natural, man-made, or an act of terrorism, including a cyberattack.

Keep in mind, too, that a disaster – these days – goes beyond the physical elements that we’re used to dealing with in emergency management, instead it’s now  compounded by a cyber incident or an attack. Bottom line, it has the potential to make a bad day so much worse.

Fortunately, here in Indiana, there exists a “playbook” that’s designed to take out some of the complexities related to cybersecurity while, at the same time, providing an invaluable resource with the tools to help people stay protected, as much as possible.

Known as the Indiana Emergency Manager Cybersecurity Toolkit, it was developed by the Indiana Executive Council on Cybersecurity (IECC) and is organized into four main sections, including:

• A survey to assist emergency managers in working with their partners to develop emergency and continuity of operations plans;
• Cybersecurity incident response plan template;
• Training and exercise guide; and
• Additional resources to help deal with new and pervasive threats.

It’s FREE and we invite you to download the full Emergency Manager Cybersecurity Toolkit today!  It can be used a  as a complete guide or piece-by-piece, depending on how detailed you want to go with your planning and what you would do in the event your organization experiences a cyberattack or incident.

For more information related to emergency response and recovery, visit the Indiana Cybersecurity Hub. And be sure to come back to the site for the latest information and updates to the Toolkit!

National Matchmaker Day Celebrates Romance, Reveals Complexities of Finding Love Online

By Chetrice Mosley Romero

Looking for love and finding that “special someone” is an experience – not unlike a lot of things in life – comes with a lot of emotion.  If you’re someone who’s found love online, congratulations!

According to Vox – Tinder, already being the most downloaded app in the world, recently hit three billion swipes in one day and it has continued to surpass that number 130 more times since March of 2020. Activity is only increasing on dating apps like Tinder, Bumble and Hinge. Likewise, the frequency of people experiencing an invasion of their privacy is rising, not only with the companies storing your information, but from other users as well.

While the goal may be to find love, instead many come across romance scammers attempting to trick them, especially if it could lead to sending money.

Interacting with unreliable dating profiles can create some complications and complexities, since users are more than capable of creating fake dating profiles. Romance scammers often communicate with targets on other platforms as well, as a way of building someone’s trust, even as they create a false relationship and the appearance of being financially stable.

The FTC further notes that romance scammers often lie about living or traveling outside of the United States; working on an oil rig, being in the military or even working as a doctor with an international organization.

Regardless of other users’ intentions on these popular dating sites, you should be your most authentic self not only when it comes to your dating profile, but when you are communicating with other users as well. One organization, Get Safe Online, recalls just how to go about being authentically you on these dating sites in a safe manner:

• Choose a username that doesn’t let everyone know who you are by not including information like your last name or where you work;
• Remember that overly provocative or controversial usernames could attract the wrong users;
• Don’t include contact information such as your email address, home address or phone number in your profile or as part of any initial communications;

• Stop communicating with anyone, who tries to pressure you or trick you into sharing your personal or financial personal or financial information;
• Avoid accessing your account from a public or shared computer, so that others can’t view or record your password or any personal information;
• Be wary of opening any email attachments from someone you have only just met and;
• Ensure that you keep your internet security software up to date

With the impact created by the Pandemic and the importance of social distancing, online dating has become a hot spot for making a connection involving everything from finding love to just getting to know someone you can confide in and trust.  Even in circumstances that make it seem as though someone has good intentions, it’s a good idea to always be wary of what is in someone’s dating profiles. And always be cautious when it comes to meeting anyone on an app or as part of any online chat.

We encourage you to still think positively about the possibility of love, but also to be proactive when connecting with someone. To learn about how to protect yourself online, visit the Indiana Cybersecurity Hub; it features lots of important resources to you’ll find helpful for protecting yourself, as well as your family, and friends!

Helping Senior Citizens Stay Safe, Avoid Online Scams Is Good For All of Us

By Chetrice Mosley Romero

August 21^st is National Senior Citizens Day! According to Statista, 75 percent of adults 65 and over frequently use the internet. For some perspective, the World Wide Web, as we know it, is only 30 years old. That means this group was already working age adults and most likely didn’t have the opportunity to learn the ins and outs of the internet.

In today’s ever-changing society, cybersecurity is a priority regardless of age, however senior citizens are more often targeted by scams due to a perceived vulnerability and that they most likely own a home and have some financial savings. Elder fraud results in more than $3 billion in losses yearly.

Seniors are also less likely to report fraud because they either do not know how to do so, who to contact, or they feel ashamed of being scammed. So how can we protect our elders or help them protect themselves? Here are a few easy ways to avoid scams and fraud targeted at senior citizens!

To get started, it’s important to understand what types of scams that are out there, including:

• Romance – often referred to as “catfishing” -- using a false identity to pose as someone interested in a relationship on social media.
• Tech Support – a scammer takes control of a person’s laptop or mobile device and posts a message on the screen to call “tech support” and uses the so-called technology problem – that doesn’t exist – to steal someone’s money.
• Grandparent Scam – posing as a grandchild in need of immediate financial support
• Government Impersonation – posing as a government employee seeking demand for a payment to avoid being arrested or prosecuted.
• Lottery/Sweepstakes Scam – misleading someone to believe they have won a lottery or sweepstakes so long as they pay a “fee”; sometimes they’ll say that the person was entered in the contest by someone else.

To help avoid falling victim to these scams, it’s a good idea to follow a few simple tips:

• Resist acting quickly. The sense of urgency is key to a lapse in judgement, call the authorities if you have your suspicions
• Any unsolicited activity is a red flag
• Never share any personally identifiable information online
• Keep all anti-virus and security software up to date.
• Use a password-protected firewall
• Avoid opening any email attachments from people you do not know; simply delete it

If you believe that someone you know has been the victim of elder cyber fraud, contact your local FBI field office or submit a tip online. Remember to keep any emails or documentation you can to help provided a detailed report of the scam. Remember, too, to not engage in conversation with anyone you think is trying to scam but keep the emails, texts, etc. to help stop them. If you or a loved one in Indiana are a victim of identity theft you can go here for resources on what to do next.

Let’s all do our part to protect our senior citizens today, tomorrow and every day of the year. We’re all in this together and, together, we can keep our cyber spaces friendly, productive, and safe for all. For additional information, visit the Indiana Cybersecurity Hub for the latest cybersecurity news, resources and trends, check out our cyber tips page and follow us on Twitter and Facebook.

The Ultimate Chocolate Chip Cookie Recipe - Protecting Your Privacy

By Chetrice Mosley Romero

“By continuing to browse or by clicking ‘Accept’, you agree to the storing of cookies on your device.”

When you go online, you’re prioritizing your personal recipe of which ingredients will pertain to your wants and needs during that specific time. Well, associations are thinking of their own recipe online as well. They prioritize their ingredients of wants and needs when they put out their information online. These associations’ websites are eating up your privacy and security.

Cookies aren’t just delicious desserts, but pieces of information saved about you while you’re online. Vox explains that if you go to a weather website and type in your zip code, the next time you visit that website it will remember your location – simply because of first-party cookies placed by that website. Third-party cookies, on the other hand, are often sold to advertisers tracking you, even after you leave that website.

Have you noticed that when you visit a website, you’re not offered a choice to either accept or decline their cookie policy? Instead, you’re commanded to accept or continue browsing, or else you lack access to information? By accepting or continuing to browse, you’re essentially accepting advertisers and other associations to invade your privacy on your device.

The FTC offers vital information to help ensure you understand the purpose of cookies and a step-by-step recipe for protecting yourself online, including:

• Changing the privacy settings for your browser, smart phones/mobile devices, and Internet-connected TV
• Opting out of targeted advertising
• Considering using an ad blocker
• Opting out of data brokering sites that sell your personal information

Everyone loves a warm chocolate chip cookie right out of the oven, just as much as the next person. That said, businesses and organizations have a responsibility to be up front, allowing their customers to choose for themselves if cookies are tracked back to them. Nonetheless, it’s a good idea for all of us to stay educated on what we’re participating in and accepting online.

On a positive note, CNN Business explores Google’s recent pitch for the future of tracking-based web advertising; something that could be viewed as inevitable and, at the same time, is an opportunity that offers some potential.  Their plan is to rely less on an individual’s browser history and more on “cohorts” of internet users with similarities. It is more crucial than ever before to not only understand how to safely navigate the internet, but to understand what exactly you are accessing and possibly giving away. Companies are willing to make effective change for your privacy, and we encourage you to be proactive in doing what you can to protect yourself.

To learn even more about privacy policies and how they work and additional resources for helping you keep your personal information secure, visit the Indiana Cyber Hub and follow us on Twitter and Facebook.

Workforce Development Opportunities in Cyber – It’s About (Way) More than Ones and Zeroes

By Chetrice Mosley Romero

Today is National Intern Day and Indiana Intern Day; a day for the companies and organizations (and really all of us) to celebrate, empower, encourage and recognize the contributions and hard work of the people, who are spending their summer or part of their school year using their unique talents to gain the experience that’s needed for finding a job and getting started in a career.

It’s been my experience that the quality of the work and the contributions that are made by someone, working as an intern, are not only meaningful, but it’s also an important factor in some of the success we achieve as an organization. In other words, no one’s spending their time making coffee or running errands.

In the world of cybersecurity, the outlook for employment and workforce development is wide open. According to CyberSeek.org, there are currently 465,000 cybersecurity jobs available in the U.S., including more than 4,000 in Indiana.

And while the majority of the positions are IT jobs and requires a certain level of technical knowledge, there’s an abundance of cyber jobs and careers that aren’t as complex and, instead, involves a background related to using strategic communications skills, including work in public relations, graphic design, and marketing, among others. Add to that, fully 30 percent of the professionals working in cybersecurity come from a non-technical background.

As the Cybersecurity Program Director for the State of Indiana, our team of interns, this summer, includes three college-age students. Together, Angelica, Hailey and Zach have contributed to the content featured in this blog; and they are also responsible for creating many of the images and illustrations and the information we share on our website, as well as on Twitter and Facebook.

Among the observations they’ve made is the recognition that the work they’ve done in cybersecurity “…goes way beyond ones and zeroes,” adding that “…without human beings we wouldn’t need cybersecurity in the first place. People created issues like identity theft, third-party cookies, ransomware and so much more. But on the other hand, without human beings we wouldn’t be able to unite as an online community to help ourselves and others understand and resolve these issues through the use of cybersecurity”.

There was also the shared experience of being somewhat intimidated, at first, by the word “cybersecurity” and the depth of knowledge someone would have to possess to do the job. Instead, it was their experiences that it is a topic from which you can learn about – based on your own personal experiences. But, because it is so vital to protecting ourselves, all it requires is having an open mind and understanding how it can be applied as a part of our daily life.

In addition to the skills and experiences they gained from their internship, it’s important, too, to acknowledge some of knowledge, as a staff, we learned from them about cyber and how it can be applied; simply by viewing it from the perspective whose life, from a much earlier age, was influenced by technology.

Or, how an illustration, a podcast or a well-organized review of a strategic plan can be conveyed to others as part of our cybersecurity program for the benefit of all Hoosiers.

National Be Someone Day - An Opportunity for Protecting Children, Teens Online

By Chetrice Mosley Romero

July 21^st is National Be Someone Day. Each year, this day challenges each of us to take a little bit of time out of our day to make a difference in the life of a child. As society continues to grow to an online setting for, seemingly, everything we do, it is important that we do everything we can to protect children online.

There are always challenges that come from our friends, even family members, or other people with whom we communicate with online, whose requirements for being verified – at any given moment – is an issue that causes us concern. Maybe it’s as simple as someone coming to you saying their old account got hacked, so they made a new one. Or it could be something much more complex, with someone you don’t know trying to set you up with a phishing scam. The same measure of risk is there for our kids when they’re online.

A good way for determining the true identify of this person online would be like what you would tell children and teenagers about strangers. Ask them a question that requires an answer that would be hard to find online, such as a middle name, or the name of a sibling, or even the name of one of their pets. You could even develop a phrase for your children to use that anyone who might want to connect with them needs to know.

Norton security offers some helpful tips on how to protect your kids online, including:

• Following the recommended age limits for apps, such as Instagram, Facebook, etc.
• Visit and learn more about the sites yourself before letting kids on
• Check the privacy settings of each site
• Check device settings and manage them yourself
• Set clear rules for your children
• Educate your children on what to look for in scams or “catfishing” attempts

The other way to “be someone today” is by maintaining a strong security plan to help guide a child’s or teenager’s online experiences. In addition to needing the internet for school, it’s likely they’ll be using a phone, laptop, or other type of a mobile device – just for fun - that connects to the internet, even video games.

Along the way, they’ll be interacting with people in each of those categories. If they’re at home, it’s important to always make sure that the router or Internet connection you’re using is secure. It’s a good idea, too, to take the time to educate them about protecting themselves and being safe whenever (and wherever) they’re online. Make sure that you are aware and monitoring any accounts or apps they are using. Depending on their age, you probably have more experience on the internet than they do; you know the warning signs. As they get older, that’s likely to change, but you can help with that by always encouraging them to communicate any concerns or suspicions they’ve experienced while on the Internet.

Today is a day all about making a positive impact on the lives of children. The internet and cybersecurity are a prime example for demonstrating how to “Be Someone” and providing a positive influence in young lives of those around you.

Cybersecurity 101 Back to the Basics

By Chetrice Mosley Romero

Today is National Simplicity Day!

To celebrate, it's a great time to learn more about making cybersecurity simple (and easier...) to understand for you and the people in your life.

To be sure, cyber is a topic that comes with its complexities, with many components to understand and put to practice. At the same time, it’s something that’s essential for all of us, as individuals, parents, business owners, educators, students, politicians, healthcare professionals and the list only continues. And, as never before, it's important; think of it as one of the things all of us have in common, in terms of our everyday life experiences.

The Cyber Security Magazine simply notes that cybersecurity pertains to protecting data, devices, programs, systems and networks from cyber threats and attacks. Now, let’s break that down by asking where do cyber threats and attacks come from and how do they affect you?

Cybint expresses that fully 95 percent of cybersecurity breaches are actually caused by human error and regardless of your technological skill set, you could very well be a part of that statistic.

A skill-based error consists of small mistakes taking place during familiar tasks. On the other hand, decision-based errors occur when the user makes a faulty decision because there is a lack of information. Opportunity, environment and lack of awareness are all factors that play into the commonality of human error.

Now, if you previously guessed correctly that society causes cyber threats and attacks, then you probably already have a grasp on the concept that society can be the solution as well.

Ready helps explain how to deal with a cyberattack by offering tips throughout the entirety of the process, as well as helpful information related to COVID-19. Here are the simple, preventive cybersecurity steps to take:

• Have privacy settings and do not use location features.
• Keep software applications and operating systems up to date.
• Use a password manager and two-factor authentication.
• Think before you click, and when in doubt don’t click. Do not provide personal information.
• Use encrypted Internet communications.
• Protect your home and/or business with a secure Internet connection and Wi-Fi network.
• Use a stronger authentication, like a PIN or password that only you would know.
• Check your account statements and credit reports regularly.
• Use a Virtual Private Network (VPN) that creates a more secure connection.
• Use antivirus solutions, malware and firewalls to block threats.
• Regularly back up your files in an encrypted file.
• Change administrative and Wi-Fi passwords regularly.

While the goal of the lesson today is to break down the heavy and complex topic of cybersecurity, the learning doesn’t stop here. Technology and cyber are constantly evolving, so staying educated and embracing constant changes allow for safety to be a priority, personally and publicly.

Now, for homework, I invite each of you to assess cyber knowledge with one of our online safety quizzes and stay updated with our informative resources on the Indiana Cybersecurity Hub. With technology being more accessible than ever before, the end goal is to make cybersecurity not only simple, but (even more) a part of your daily routine!

Confessions of a Chocoholic

By Chetrice Mosley Romero

Technology is like chocolate: People crave and indulge in the sweetness and richness of it all, and it comes in a variety of forms. As Forrest Gump famously noted, “life is like a box of chocolates. You never know what you're gonna get.”

Not long ago, I received an abnormal notification of suspicious activity at a chocolate store I had never visited before, and I knew that this was one of those “surprises” (and not a good one) in the box of chocolates that Forrest Gump was referring to. Living by the rule of thumb – don’t trust, always verify – I confirmed my identity with two-factor authentication and contacted the credit card company immediately to decline the purchase that was made using my card. It really goes to show that there are tools out there to prevent credit card fraud and identity theft from happening to you, too.

Debt.org provides a good explanation of the distinction between falling victim to credit card fraud and identity theft. Identity theft can seep into personal areas within your lifestyle like banks, telephone companies, government records and insurance companies. Often times, these criminals start with a few minor transactions here and there – like the one I experienced – to suspect if the real credit card owner could possibly notice before successfully impersonating you.

What is valuable to you could very well be valuable to someone else because information is key. It is important to stay updated on accounts and companies that have your personal information more than once a year. As not only the cybersecurity program director at the Indiana Office of Technology, but also as a victim of identity theft, it is important to remember that this can happen to anyone.

AARP highlights that identity theft cases reached 1,387,615 in 2020, and the numbers only increase every year. Those who are complacent, believing they could never fall victim to identity theft, most likely already have and are the most vulnerable when it comes to this type of issue. The FTC shares helpful tips on being proactive with sharing personal information, including:

• Only share account numbers on the phone with reputable companies and if you’re unfamiliar with them, do an online search first for reviews or complaints.
• Carrying only necessary cards can minimize your losses if your wallet or purse is stolen.
• Always keep your eye on your card during transactions.
• Never sign a blank receipt; Draw a line through any blank spaces above the total.
• Save your receipts and compare it with what’s on your monthly statement.
• Open your bills promptly and match them up with the purchases you’ve made.
• Report questionable charges to the card issuer.
• Notify your card issuer if your address changes or if you will be traveling.
• Don’t write your account number on the outside of an envelope.

Although cybersecurity education is a part of my job description, I am passionate about it as well. I have witnessed people lose their businesses and their livelihood firsthand because of identity theft, and I have been a victim myself. Additionally, as a chocoholic, I can ensure you that just like chocolate, simple unique passwords and just a few seconds of two-factor authentication can ensure a sweet impact on your life.

National Social Media Day: Having the Time of Our Lives

By Chetrice Mosley Romero

Today is National Social Media Day. A reason to celebrate, right?

It might be safe to say that the party’s already started; especially when you consider that in 2020,  people in the U.S. spent an average of more than two hours every day on social media networks. Worldwide, the average is nearly half an hour longer at 145 minutes.

And, while this might be the perfect excuse to round it up to three hours, CISA provides a few tips on how to stay protected while connecting with others on social networks. Another great resource is the National Cybersecurity Alliance, whose advice covers everything from securing your devices to what you need to do with all of the “links” that show up in our social media feeds, and more, including:

• Knowing who’s (really) your friend – Social networks can be used for a variety of purposes. Some of the fun is creating a large circle of friends from many aspects of your life. It’s always good to use the tools on Twitter, Facebook, Instagram, etc. to help manage the information you share with your friends in different groups or other online pages.
• Feeling uncomfortable? Be honest – If a friend posts something about you that makes you uncomfortable or seems inappropriate, let them know. Likewise, keep an open mind if someone says that something you’ve posted makes them uncomfortable.
• Once posted, always posted – What you post something online, it stays online forever. Keep in mind, too, that recent research found that 70 percent of job recruiters rejected candidates based on information they found online. Maintaining your online reputation can and, often does make a difference.
• Keep your personal info personal and maintain your settings – Be cautious about how much personal information you’re sharing on social networking sites to avoid being a victim of identity theft. It’s OK, too, for you to control your privacy settings and control what you see on social media and what you don’t see.
• When in doubt, throw it out – These days, there are ALL kinds of links in our emails, tweets, posts and even text messages and online advertising – much of it through our social media accounts -- that are used by cybercriminals to take advantage of you. Even if you think you know the source and something looks suspicious, don’t click on any of the links and delete it.

Having fun while staying safe online is a real reason for celebrating National Social Media Day. Make a day of it by changing your passwords, or better yet, reach out to your friends and post something that’s positive and fun.

But, if you’re wondering just how much social media influences (seemingly) every aspect of our lives, a recent report found that people spend an average of six years and eight months of their entire life on social media.

Of course, if that sounds like a lot, compare it to the one year and eight months we spend doing housework!

Rising Cybercrime Creates Growing Opportunity for Skilled Professionals

By Valinda Scarbro Kennedy

According to the Center for Strategic and International Studies, cybercrime is costing the global economy $600 billion per year. Denial of service, malware, ransomware, phishing and digital identify theft are but a few of the examples of tactics used by cyber criminals to create disruption of service.  “The average cost of a data breach is now $3.86 million, and, on average, it takes 280 days to identify and contain a breach. And the costs continue to rise.

These cyber threats require constant awareness of our digital footprint. Countries, businesses, and individuals live with the advantages that technology puts at our fingertips, but it also multiplies the risk exponentially.

This backdrop has led to an exponential increase in the number of roles and jobs needed in this already high demand field.   The gap for the critical skills to identify, contain and recover from a breach continues to push the need higher for cyber security skills.   This has created the market for job opportunities and options.

Cybersecurity is one of the most in-demand skills across all industries. There’s a huge gap that exists between the continued high demand for cybersecurity professionals and the ongoing shortage of talent. In fact, Frost & Sullivan predicts that the growing gap between available qualified cybersecurity professionals and unfulfilled positions will reach 1.8 million by 2022.

Everyone, and especially women, can thrive in this field because it provides an expansive roadmap of opportunities and options.  This is a field that requires constant learning and engagement. Which also means this is a great field to work in from remote locations.  No day-to-day reporting to work 9-5; instead, many cyber security jobs provide flexibility and adaptability.  For those who have expertise in many of the highly specialized disciplines, this could be a dream job.

Opportunities for remote work, lots of travel or limited travel, team-engagement, and on-going skills development are all key variables for those who are highly successful in these roles.  With great need comes great options:  public sector or private sector, urban or rural, small or large companies, or domestic or international work. Even more options are being added daily based on the growing need for this global skill.

There are many tools showing the roadmap from entry level skills to more senior positions. The benefit is seen in more and more real-life leaders where women are the cyber security heroes of the story.  One such hero is IBM Fellow Rhonda Childress who recently shared her story with students about what she and her team do in aiding IBM clients around the globe. Another hero is IBM’s Heather Ricciuto, who is lead IBM’s messaging working with students to enable them to see the benefits of going into cyber security fields.

Technology is indeed providing more high paying job opportunities for the right talent with the right skill.  If you want to explore cyber security as a potential area of interest, there are three steps you can take right now:

First, Cyberseek is an outstanding tool to define what some of the specific job titles are in this space and where they fall on the experience spectrum.

Second, check out the resources on the Indiana Cybersecurity Hub. Especially if you are in Indiana, but even if you are elsewhere because the resources in many cases can be used not only by those in Indiana, but as well by others, or as a model for others to consider.

Finally, if you are connected with any accredited academic institution (middle school, high school, college, etc.), use your school email address and sign up for IBM’s Getting Started with Threat Intelligence & Hunting Course and get one of your first cybersecurity badges.

These are your first three steps in an exciting journey! Lead the way Superwomen!

June is National Men’s Health Month!

June is National Men’s Health Month!

By Chetrice Mosley Romero

When it comes to improving our overall health, it seems as though there’s always lots of great information out there for improving your diet and, maybe, exercising a little more. At times, it can be overwhelming and it’s not always easy to know where (or how) to get started.

June is National Men’s Health Month; the perfect time (right?) to change it up a little bit and feel as though you’re starting to make some progress. And, as you do, it’s a good idea to also think about improving your personal cyber health and well-beingMore than ever, IoT (internet of Things) devices connect to us to every part of our daily routines. The same is true for the equipment we use to get in shape – everything from bicycle machines (with access to virtual workouts using a camera and microphone) to wearable fitness trackers, even treadmills.

How popular are these devices? Consider a recent study revealed that 18 percent of men use a smart watch or a fitness tracker. Add to that, there are all kinds of data – about you – that can be tracked through these devices. To be sure, it’s a great way to measure how you’re doing, but you’ll want to follow a few easy tips for staying safe online before starting your workout, including:

• Creating a guest network for your critical devices
• Updating the software on a regular basis and making sure it is password protected
• Researching the security of any devices before making your purchase
• Disabling any unnecessary features, keeping those that maximize your workout while taking away anything that poses a risk

Now that you’ve got a great reason to get out there and feel better about your health and your cyber fitness, have fun with it!

The Shared Responsibility as Digital Citizens - Checking in on a Friend

By Chetrice Mosley Romero

It is one thing to constantly educate yourself with ongoing cyber changes and updates, but it is an even greater responsibility as a digital citizen to take others' actions and decisions online into account as well.

Forbes dives into this shared responsibility of digital privacy and cybersecurity by comparing individuals who confidently drive to the airport without wearing a seatbelt, but then worry the plane they will be boarding may crash. Similarly, when we are online there is a combination of things we can and cannot control. Most often times, the opportunities we are in control of can truly make or break our overall safety.

As digital citizens, we can use today, National Best Friends Day, to start the conversation and make sure our loved ones are aware of the many dangers the internet can pose, along with the circumstances that are in our hands and the precautions that can be taken.

Friendship is not only a choice, but a reliable relationship based on a mutual understanding, love, and respect. The National Cybersecurity Alliance mentions that four in 10 American teens sought help from a friend because of a negative experience online -- based on a study sponsored by Microsoft, in which 813 teens and 809 parents of teens were polled. Friends can be the most valuable resource because they are willing and able to actively listen, allowing safety check-ins to truly resonate.

Regardless of sharing helpful information and concerns with either virtual or real friends, it is important to always stay alert and cautious; especially when engaging in social networks because of its significance in our everyday lives of connection and interaction. ACA Compliance offers helpful cyber conversation starters to have with your loved ones, including:

• Understanding where personal information can be shared online
• How to identify phishing and vishing scams, and knowing the protocol as a victim
• Staying on top of software updates and patches because they are constantly changing
• Getting access to endpoint protection and/or antivirus software
• Knowing when to avoid or engage in software downloads
• Using Wi-Fi security at at home and in public places
• Characteristics of strong passwords and enabling multi-factor authentication
• Protecting your data with internet-connected device security
• Properly disposing of old devices that hold personal information

Every day, individuals are actively choosing to believe that cybersecurity attacks will not happen to them personally. It is important to recognize that personal decisions online really do contribute to the overall safely of all individuals behind their screens. Although we may not be able to control everything that occurs on the internet, we can be a good friend today and everyday by checking in and decreasing potential online threats.

It is more crucial than ever before to check in on your loved ones and befriend cybersecurity as a way to help protect those close to you whenever they're online. For additional information, visit the Indiana Cybersecurity Hub for the latest cyber news, resources, and trends, check out our cyber tips page and follow us on Twitter and Facebook.

Whether You're Relaxing, Working or Attending School - Cybersecurity Starts at Home

JUNE IS NATIONAL HOMEOWNERSHIP MONTH

By Chetrice Mosley Romero

"The ache for home lives in all of us, the safe place where we can go as we are and not be questioned" -- Poet Laureate Maya Angelow

June is National Homeownership Month. And it's safe to say, within the past year, our homes have become so much more than, simply, the place where we live.

For a lot of people, our commute to work is taking us down a hallway, rather than a highway. And if you have children, you've already experienced what it's like to turn your living room, den or, perhaps, a bedroom, into a classroom.

Throughout it all (even now...), an important part of protecting our home is making sure everything from our laptops and routers to all the devices and systems connected to the Internet -- within our home -- are as safe and secure as the locks we have on our doors and windows.

At a time when the number of internet connected devices is expected to increase from 35 billion in 2021 to 75 billion in 2025, many homeowners are doing what they can to balance being comfortable and preserving their peace of mind with the necessity for being safe and secure whenever they're online. In fact, 127 new IoT (Internet of Things) devices connect to the Internet every second.

Maintaining your home's cybersecurity starts with seven helpful tips that are easy and effective and includes:

• Installing a VPN (Virtual Private Network) 
  • Hiding your IP address and encrypts data traffic over a secure network to prevent access to your personal data/devices.
• Locking Your Devices with a Password or PIN 
  • Preventing access to your laptop, tablet or mobile device.
• Changing the Name of Your Wi-Fi Network 
  • ​​​​​​​Avoiding the use of the name/model number of your router or using personal information as part of the name of your network.
• Changing Your Network's Default Password 
  • ​​​​​​​When creating a unique password, use at least 20 characters and a combination of letters, numbers, and symbols.
• Changing Your Network Administrator's Credentials
  • ​​​​​​​Manufacturers often use the words "admin" and "password" as the username and password of their router's administrator page (making it easy for anyone to guess it).
• Placing Your Router in a Secure Position
  • ​​​​​​​Router positioning helps with signal strength and placing it in the middle of the house avoids having the signal spill over to areas outside your home.
• Turning Off Your Wi-Fi When It's Not in Use
  • ​​​​​​​Leaving Your Wi-Fi on at all times provides more opportunities for cyber criminals to break into your network; it also saves energy and offers more protection.

Whether you own or rent your home, keeping everyone cyber safe is another reason to celebrate and adds to your quality of life whether you're at home just to relax, you've got work to do, or there's a homework assigned that needs to be finished.

Going on a Road Trip? Vacation? Be "cyber safe" - What to Know Before You Go

By Chetrice Mosley Romero

Beginning today, more than 37 million Americans are expected to drive, fly or catch a train during the five-day Memorial Day weekend, according to AAA.

As part of this annual kickoff to summer, Friday is National Road Trip Day. Created in 2019, Pilot Flying J -- the largest travel center operator in North America -- is credited with creating this "holiday" as a way to provide people with the essentials of food, drinks and fuel; everything they'll need to get to where they're going.

In getting ready for your trip, when it comes to making sure you follow some important cybersecurity tips, you'll want to keep in mind the advice first shared WAY back in the 1970's for the American Express Card and its travelers' checks and, more recently, featuring comedian Jerry Seinfeld -- "Don't Leave Home Without It".

• For starters, avoid posting on social media that you're leaving town or while you're traveling
  • Criminals can steal your personal and financial information -- not only while you're away, but even after you arrive back home -- by accessing not only your computer router, but also through a host of internet-connected smart devices, such as your thermostat, HVAC system or voice-assisted products (think Siri, Alexa, Google Nest) and more.
  • If a cyber criminal gains access to your social media pages, they can also track your location and use that information to break into your hotel room or know when it is you'll be coming back (potentially increasing the opportunity for identity theft).
  • By staying off social media during your trip, you'll also avoid giving away the location for where you are or even where you're not.
  • Wait until you're back home before sharing any details or photos from your trip.
• Avoid using public Wi-Fi and whenever possible, protect yourself by using a VPN connection to prevent others to see what you're looking at while on your laptop or mobile device.
• Once you arrive at your destination, be sure to never leave your devices unattended in a public space or on any means of transportation. 
  • By doing so, you'll help prevent unauthorized access, physical theft, or data breaches.
• For additional cybersecurity tips, check out a recent story from Forbes about nine (more) steps you can take that'll help you stay cybersafe. 

Along the way, you can also make it easier on finding where it is you are going, as two in five people (42 percent) find travel apps to be especially helpful when planning their vacation, as well as mapping out your stops; it's a great way to save both time and money.

Also, as the opportunity to travel abroad continues to grow again, the Federal Communications Commission (FCC) offers some great cyber-related information you'll appreciate.

So, whether you're Clark Griswold and heading to Walley World for another visit or your trip involves a visit to a beautiful state park or experience the World's Greatest Spectacle in Racing, be sure to arrive (cyber) safe and enjoy!

Cybersecurity: Essential for Protecting EMS Professionals, Patients

NATIONAL EMS WEEK - MAY 16-22, 2021

By Chetrice Mosley-Romero

May 19, 2021

In its 46th year, EMS Week honors our frontline heroes, whose dedication for providing emergency care and lifesaving medicine saves so many lives every day.

Of course, with every call, there is an inherent risk to their own safety and well-being when it comes to taking care of their patients and doing everything, they can to get them out of harm's way, safely and securely.

Perhaps, it's fitting that this year's theme for EMS Week is "Caring for Our Community" and it's important that as we show our appreciation for the essential services, they provide for all of us, we recognize the fact there is another inherent risk that can have a devastating impact involving both the EMS professionals and their patients; a threat that comes from a cybersecurity incident or cyberattack.

Having a strong and resilient cybersecurity system -- maintained by those on the frontline in 911 call centers and staff who are skilled in cybersecurity and IT -- is a critical line of defense that provides protection for both the patient and EMS professional. In fact, cybersecurity is vital for helping to make sure those 911 calls get through and are answered, as well as keeping secure the equipment being used to care for a patient at the scene is working properly. It is also a critical factor for keeping the operations of an entire hospital or health care facility online.

Keep in mind, too, cyber criminals will try and steal a patient's personal data and financial information (including their bank accounts and savings), as well as their medical identity, in which someone's physical condition could be used to commit insurance fraud or worse. In one case, a New York mother was accused of having recently delivered a baby that tested positive for methamphetanine. Child protective services personnel were working to take away her children because of this accusation. In reality, another woman who had been using drugs had used the mother's stolen medical identity to pay for the birth of her child.

According to a recent article on ems1.com, cybersecurity is about manging risk. To help protect those on the front lines, there are three important practices - also known as the CIA triad - to follow:

• Confidentiality - ensuring only the people who should have access to data do.
• Integrity - ensuring that the data entered into the system is the same when it comes out.
• Availability - making sure that systems are up and running when they are needed.

Here in Indiana, cybersecurity is a high priority in keeping safe more than 24,000 EMS providers throughout the Hoosier state, who represent some 800 agencies, answering more than 2,000 calls per day. As the Cybersecurity Program Director for the State of Indiana, we are grateful for their tireless work and we encourage everyone to join in celebrating EMS Week. For more information, visit the Indiana Department of Homeland Security (IDHS) website at: www.in.gov/dhs/ems/ and for the latest cybersecurity news, resources and trends, go to the Indiana Cybersecurity Hub, and follow us on Twitter and Facebook.

Managing Your Passwords - It's Easier Than You might Think

TODAY IS WORLD PASSWORD DAY!

By Chetrice Mosley-Romero

A recent article on SecurityMagazine.com reported that a Dell Technologies Brain on Tech study found when people were tasked with logging onto a a computer (or, presumably, any mobile device) with a long and difficult password, their stress not only increased by 31 percent within (just) five seconds, but it continued to rise even after successfully logging in.

Sounds familiar, right? We've all been there. After all, the average internet user in the U.S. has around 70-80 different passwords. And while each one is supposed to be unique; you might be surprised to know that the most popular password in 2019 was 12345, followed by 123456.

Of course, with more people than ever before working from home and attending school remotely, the necessity of adding strength and a greater measure of complexity to the passwords we create -- for everything from our social media and email accounts to our bank accounts, medical records, and any other sensitive data we want to keep secure -- is, to put it mildly, changing rapidly.

At the same time, you'll be encouraged to know there are a lot more "easier-than-you-think" tips, solutions, and resources available to help you make sense of it all. To get started, there's two things to keep in mind -- you'll want to make passwords that are hard to guess, but easy to remember. And the longer the password, the better -- use at least 16 characters whenever possible.

To make your digital life easier, here's some other key tips to follow, including:

• Never reveal your passwords to others.
• Be sure to use different passwords for different accounts.
• Use multi-factor authentication (MFA). It helps add a layer of protection and learn more on using it for some of the most popular websites. 
• Consider using a password manager.

For additional information on keeping your personal information secure, visit the Indiana Cybersecurity Hub and check out our cyber tips page.

As we celebrate World Password Day, it's a good opportunity to look over the passwords you're using and take some time to do what you can to stay safe whenever you're online (without all of the stress).

Not all Superheroes Wear Suits

By Stephen Cox

Not all superheroes wear suits.

A hero to you may be someone's neighbor from down the street, or it may be a firefighter or police officer who you see often in your area. In fact, someone you may not even know is working hard for you right now to keep you and your loved ones safe.

While we know help will come if we call 911, Hoosiers from all works of life continue to work behind the scenes to protect the state from cyberattacks, volunteering their time and expertise to make Indiana stronger. The members of the Indiana Executive Council on Cybersecurity (IECC) have propelled Indiana to be a leader in cybersecurity, and today -- National Superhero Day -- it seems appropriate we recognize the work of these selfless men and women and how it has contributed to our safety every day.

For the past four years, the IECC has worked to insulate government, businesses, and individuals from cyberattacks by identifying gaps and implementing strategies. And these are not just government employees paid by the state to do the job. The council is comprised of 35 members and more than 250 advisory members who donate their time and energy to support this effort, and in the process protecting you and me.

Since my appointment as Executive Director of the Indiana Department of Homeland Security, I joined many of the IECC members in immersing myself in not only the threat of cyberattacks, but also the safeguards necessary to prevent them from occuring. This is complex work that has required the members to set time aside -- above and beyond their everyday careers -- to work hard, learn quickly, and produce results related to the Indiana Cybersecurity Strategic Plan. It is an impressive level of commitment that has had an enormous impact on our state.

With all this progress made, cybersecurity remains a growing threat to the public and private sector. Our efforts as a state will have to grow alongside this threat. The IECC and its diverse makeup is built for this challenge, and Indiana continues to make cybersecurity a priority across the board. The state has some of the smartest minds and top talent working toward a safer future.

If you were to learn more about the makeup of the IECC, you will see that "behind the masks" are dedicated individuals who are great Hoosiers. I am thankful to have them in our corner.

A "Cyber" Sign of Things to Come

By Chetrice Mosley-Romero

Less than two years ago, a New York Times report included a forecast that predicted, by 2021, there would be 3.5 million unfilled cybersecurity positions globally; a statistic that seems especially profound when you consider that the figure was at just one million positions in 2014.

In the midst of this incredible demand, it seems fitting that as we celebrate Autism Awareness Month (also referred to/celebrated as Autism Acceptance Month and World Autism Month) that a California-based company announced earlier this month its participation in a program that will help grow its workforce in central Indiana by providing jobs to people with autism and other disabilities.

Ingram Micro Commerce & Lifestyle Services says the e-Stewards ADVANCE+ program will fill these positions at the company's IT Asset Disposition (ITAD) Processing Center in Plainfield. The facility is dedicated to providing services for companies needing to securely dispose of their IT equipment; a task that is particularly important, given the fact that the process requires employees to ensure that all of the data (including all files, personal identifying information, and other proprietary materials) is completely securely removed from the devices.

In a recent interview, Ryan Roudebush at Ingram Micro said, "where it's been piloted before, the employees with autism have proven to be very adept working in these types of positions." He added, "In fact, one study showed they are 98 percent productive when they're on the clock and the average employee is closer to about 60 percent."

Initiatives, such as this, are encouraging, too, as it comes at a time when the cybersecurity industry is continuing in its efforts to become even more diverse and inclusive in its hiring practices. For its part, Ingram Micro is piloting the program out of its Plainfield location, but says if it all goes well, it will look to expand it to the company's other two Indianapolis facilities and, possibly, to other locations across the U.S.

For more information about related cyber career opportunities in Indiana, you can visit the Indiana Cybersecurity Hub and learn more about becoming a cyber professional. By doing so, we can educate, grow, and help to retain an even greater cybersecurity workforce across Indiana.

Public Safety Telecommunicators Deliver a Resilient Cyber Defense for all Hoosiers

By Ed Reuter

As if the urgency of a single 911 call isn't important enough in saving someone's life, imagine being the person at the emergency call center, whose responsibility it is to urgently send help, having to contend with the threat of a cyberattack shutting down every call from getting through its system?

Varying in intensity and sophistication, these types of cyber-related incidents that have impacted local 911 centers is adding to the already intense, around-the-clock work performed by the public safety telecommunicators, whose dedication to their jobs makes life easier for all of us. Amid these challenges, it is my pleasure as the executive director of the Indiana Statewide 911 Board to commend their tireless efforts as part of National Public Safety Telecommunicators Week.

All of this comes at a time when the technology we're using to operate our communications systems is advancing ever rapidly. At the same time, cyber criminals are using tactics ranging from ransomware to business email compromise to steal personal data and/or take over control of the system itself. That's critical, especially when it comes to local government and maintaining a solid infrastructure.

All it takes is one domino to fall and before you know it, the situation can escalate quickly, causing new problems to emerge -- including attacks on our backup systems. That said, there are practical solutions -- that can begin at the workstation of a dispatcher -- to manage these threats and allow a county or local municipality to address their public safety needs every minute of the day, including:

• Adopt/implement clearly defined cybersecurity policies that include regular risk assessments
• Once all the cyber policies/procedures are in place, employees will need regular training to allow them to practice as a way to recognize and stop cyber threats
• Focus on prevention, encourage collaboration and teamwork, and evolve your rules to fit the ever-changing nature of emerging threats

The State of Indiana also offers county and local government emergency managers a range of cybersecurity resources to help improve a cybersecurity plan, as well as measure its effectiveness in the event of a cyberattack. For more information, visit the Indiana Cyber Hub to learn more about the Indiana Cybersecurity Scorecard or the Emergency Manager Cybersecurity Toolkit.

I've often said that our local 911 centers are the heart and soul of our emergency communications systems. Because of that, it's fair to say that every person who serves their community as a public safety telecommunicator possesses within themselves the heartbeat and the pulse to keep the system operating in a way that protects us all. Together with our Chair, State Treasurer Kelly Mitchell and on behalf of our staff and all Hoosiers, we thank our telecommunicators for their dedication and service.

To learn more about this important topic, you are welcome to watch the latest episode of the "Days of Our Cyber Lives" podcast from the Indiana Bond Bank. State Treasurer Kelly Mitchell and I are joined in the conversation by Indiana's Cybersecurity Program Director Chetrice Mosley-Romero and Mark Wuellner, executive director of the Indiana Bond Bank.

Keeping our 911 systems secure is our first priority. To learn more about the Indiana Statewide 911 Board, visit our website or on social media on Twitter or Facebook.

The Indiana Department of Revenue Taking Cybersecurity to the Next Level

By Bob Grennes

It's April and the individual income tax season is in full swing. As you would guess, it's one of the busiest times of the year for the Indiana Department of Revenue (DOR). During this season, DOR processes approximately 3.5 million tax returns and issues around 2.2 million refunds equaling more than $800 million. You've probably never thought about the volume that comes through DOR's processing systems, and while 3.5 million returns is no small feat, it's just the tip of the iceberg.

Indiana's tax world touches millions of individuals, businesses, corporations and organizations processing over $20 billion and administering 65 tax types. This makes cyber and data security along with ID protection and refund fraud prevention paramount to everything we do.

DOR's cybersecurity team was launched in 2013 and is led by DOR's Chief Information Officer and Chief Information Security Officer. Not only does DOR comply with all IRS requirements, but we have adopted the technical security that the U.S. Department of Defense uses taking our security to the next level. All of DOR's 700+ employees take extensive security training every year, which includes a large amount of cybersecurity information. Additionally, all vendors and partners connecting with DOR systems or receiving DOR data must comply with our comprehensive security requirements.

Not only is keeping data safe part of our overall mission for the agency, To serve Indiana by administering tax laws in a fair, secure, and efficient manner, but it's also at the heart of everything we do.

Our extensive ID protection and fraud prevention program that keeps bad actors from stealing hardworking Hoosiers' identities or tax refunds is full of cybersecurity measures. DOR's program utilizes big data, sophisticated system business rules and forensic analytics to identify and stop identity theft and fraudulent tax refund activity. This team meets daily during individual income tax season to update systems to adapt to new fraud schemes and is an active participant in the IRS's Information and Sharing Analysis Center (ISAC) -- an IRS, private industry and state revenue agency partnership in preventing ID theft and refund fraud. This partnership allows for a more robust set of data to help catch fraud before entering our processing system.

In its eighth year of operation, DOR's fraud program has stopped $180 million of tax refund fraud and prevented nearly 95,000 Hoosier identities from being stolen. Last year alone, $28 million in fraud was prevented.

To learn more about DOR's fraud program, be sure to visit our website at: www.in.gov/dor/fraud-prevention/indiana-eliminating-tax-fraud-attempts/.

Celebrate World Backup Day

KEEPING YOUR DATA SECURE PROVIDES PROTECTION FOR YOU - AT HOME, WORK & SCHOOL, LAPTOPS, PHONES & MORE

By Chetrice Mosley-Romero

When it comes to making films, Hollywood loves a great prequel.

Whether it's on TV (think "Young Sheldon") or the movies (Star Wars trilogy), there always seems to be something that we discover in a prequel that we didn't expect, simply by going back in time.

Fast forward to today, March 31, 2021, It's World Backup Day -- an opportunity that reminds us all that it's important to back up our files regularly -- at work, at home, or at school, including our laptops, desktops, phones, and other mobile devices.

And while it's true backing up your data is a simple, three-step process, we can all agree that there are two aspects of our daily life -- backing up our data and working from home -- that's a part of the film we've all starred in since the beginning of the Pandemic.

That's where the prequel comes in.

Did you know? In 1998, almost a year before the release of "Toy Story 2", an animator, who was intending to do some routine file cleanup, instead, entered a command to the drives where Pixar stored the film's files - deleting 90 percent of the film. True story.

How did they save the film? A supervising technical director, who had been working from home, remembered she had a backup version of the film stored securely on the computer she had been using while working remotely. Sound familiar? Thanks to her protected files, the entire film was restored.

While it's true that technology continues to advance at a rapid pace, there are a great deal of resources out there to help you organize your files and put it all together in a way that's practical and easy to manage.

There's even a guide from the U.S. Computer Emergency Readiness Team (US-CERT) you can download that features a wide range of backup options. Think of it as a playbook that you can rely on that doesn't read like stereo instructions.

As always, be sure to visit our Indiana Cybersecurity Hub for the latest cyber tips, resources, and news to help all Hoosiers stay safe whenever you're online.

Celebrating World Backup Day will also provide you with a well-scripted plan that'll help keep cyber criminals out of the picture.

Women's History Month - A Time to Support Women in Cybersecurity

By Lieutenant Governor Suzanne Crouch

Indiana ratified the 19th Amendment in 1920, making last year the centennial anniversary of this important milestone in our state's and nation's history. Countless Hoosier women and male allies worked tirelessly during this movement to pave a new path for women in the future.

The celebration doesn't have to end there, as each March is Women's History Month. This annual event highlights the contributions of women in society, which should include the progress women are making in cybersecurity.

Recently, I spoke with the relatively new group, Government Women in Technology. Comprised mostly of women in state government, this group is supporting their fellow colleagues who work in an industry that has historically been a male-led field. In the past year, this group has grown to more than 100 people who work in information technology, cybersecurity, and other computer-related fields. At the same time, this group is lighting a path to encourage the next generation of women to seek a career in technology. These women are reaching out to schools and working with young female students to keep the interest alive in STEM classes.

This kind of interaction can have a lasting impact on our workforce.

The same was true for suffragists who worked for change to get women a spot at the polls. As part of the 100th anniversary of the ratification of the 19th Amendment, I chaired the Indiana Women's Suffrage Centennial Commission, an effort catalyzed by Indiana Humanities.

This partnership between a statewide network of women's and history organizations was such an eye-opening experience. We worked to ensure the important pieces of history are not and will not be forgotten because the suffrage movement demonstrated that ordinary people when working together, can make an extraordinary impact. The Commission developed and supported programming aimed at unearthing untold or lesser-known stories, as well as those that both educate and preserve the individual and collective legacies of women whose efforts were instrumental in the movement.

Some highlights from 2020 include:

• Jan. 16 Statehouse Celebration - Hundreds of people, from General Assembly members and suffrage commissioners to Girl Scouts, League of Women Voters members, and ordinary citizens, gathered to recognize Indiana's ratification of the 19th Amendment.
• Preserving Women's Legacy Grants - One-time grants allowed Indiana Main Street organizations in Angola, Michigan City, and Peru to discover, preserve and tell stories about the contributions women have made in their communities.
• Suffrage Block Party - In August, the Indiana Historical Society, Indiana State Museum, and others hosted a weeklong, virtual celebration featuring talks, and workshops highlighting the work of suffrage scholars, thinkers, and artists around Indiana.
• New Artworks Unveiled at the Statehouse - Two original works of art, a quilt titled "Together" by Indianapolis artist Kassie Woodworth and a painting titled "niNeteenth" by Decatur artist Shelby Nower, were unveiled as part of the state's permanent public art collections.
• New Discoveries - Thanks in part to the Indiana Humanities' May Wright Sewell Fellowships, we learned more about how Indiana women shaped suffrage and politics, including the lives and work of Black Hoosier suffragists and Monroe County and South Bend-area suffragists, and the participation of Black Hoosier women in the 1920 elections immediately following the ratification of the 19th Amendment.

I encourage all Hoosiers to learn more about these activities and more at: IndianaSuffrage100.org.

During Women's History Month, let's not only remember those who committed themselves before us but let's also continue to come together to equip future generations. And, remember, too, the legacy of women leading the way in Indiana is not a new phenomenon, rather it is a part of the fabric of who Hoosiers are.

#WomensHistoryMonth

"Days of Our Cyber Lives" Podcast Highlights How Indiana State Government is Using Cybersecurity to Support Local Governments, Keep Hoosiers Connected

By Chetrice Mosley-Romero

Got a favorite podcast? We all have one, right?

Did you know? By one recent estimate, on Apple alone, there are more than 1.75 million podcasts out there, with more than 43 million episodes, as of January. That's a lot of popcorn.

Of course, if you're interested in a podcast that offers timely, informative, and helpful FREE information for all Hoosiers; shared in a way that's friendly and easy to understand, we invite you to check out "Days of Our Cyber Lives".

As Indiana's Cybersecurity Program Director, it is my pleasure to participate as a recurring co-host of this podcast series, together with the Indiana Bond Bank and the Office of Indiana State Treasurer Kelly Mitchell.

Offering expert insights and awareness to everyday issues referring to cybersecurity, we talk with our guests about solutions, resources, and ideas for local governments, with information designed to help keep all Hoosiers safe, secure, and connected.

Cybersecurity is an important priority in the state of Indiana, and, because of this, we routinely work closely with local governments who, in turn, provide a wide range of essential services involving everything from emergency management and critical infrastructure to protecting people and businesses as it relates to their personal data and financial information.

Among the guests who've appeared recently on episodes of the podcast includes:

Simply click on the link to view the episode. 

• Tracy Barnes - State of Indiana Chief Information Officer - discussing issues impacting local government and proposed cybersecurity initiatives in 2021;
• Hemant Jain - State of Indiana Chief Information Officer - relating to the vision and strategies for combating cybersecurity issues;
• Mitchell Parker - IU Health Chief Information Security Officer - How COVID-19 impacts health systems, identifying IT systems and avoiding COVID-19 cyber scams;

We invite you to log on tune in to "Days of Our Cyber Lives". For all the latest cyber news, tips, and resources, visit our Indiana Cybersecurity Hub, follow us on Twitter and Facebook, and, if you like what you read, subscribe today to our Indiana Cyber Blog!

Helping Patients with Two-Factor Authentication

Perspectives from the Field Series

The strength of Indiana is that we bring together a variety of perspectives from the plethora of areas that touch the field of cyber, especially through the Indiana Executive Council on Cybersecurity (IECC). Hence the name "Perspectives From the Field Series" in which we invite experts to discuss the real and challenging issues we are facing in the field and the proposed solutions from the experts to better the lives and businesses of all Hoosiers.

In the third installment of our series, our focus is centered on "Patient Safety Awareness Week." In recognition of this campaign, Valita Fredland offers her thoughts -- as an experienced information privacy and security professional -- about the importance of protecting a patient's personally identifiable information (PII) and preserving the privacy of their medical records, as mandated by federal law.

By Valita Fredland, JD, MA

Last semester, I was helping my daughter set up a new e-mail account that she could use for her college search process. As information privacy and security professional, I take such tasks seriously. E-mails are a common way for criminals to steal Personal Identifiable Information (PII) and credentials that can be used to commit other crimes. Therefore, when my daughter and I set up her new e-mail, I selected the two-factor authentication sign-in option. My daughter accused me of being an overzealous privacy professional (true that) and implementing crazy cybersecurity protection that makes it too hard for her to access her account.

In recognition of Patient Safety Awareness Week, I thought I'd share the explanation that I gave to my daughter about why using two-factor authentication for ANY account with PII is not crazy. Patient information is some of the most sensitive PII. With advances in technology, patients have growing control over their digital electronic health records; patients can request digital copies of their medical records from their health care providers; they can store their records themselves, and share the records with others. No matter where patient records are stored, the login access should have two-factor authentication.

Two-factor authentication is a cybersecurity method of verifying that you are who you say you are so that even if your username and password fall into the hands of criminals, they cannot pretend to be you and log in to your accounts. For example, when a patient logs into a patient portal to access a provider's medical records, the patient enters a username and a password to get access, then, as added security, using a second factor, the medical records system would send a temporary code via another method, often via text message, phone call or an e-mail, to the patient which would have to be entered before access to the records is granted. Simple, right?

Even though it is simple to use two-factor authentication like this, only about 10 percent of users set it up for their accounts. Why, might you ask? Well, I think my daughter's complaint is the most common "it takes too long!". So, we tested it. For most accounts that we tried, this extra authentication factor added no more than 10 seconds when logging in to an account.

While there are certain nuances among two-factor systems that can cause hiccups and frustrations, they are likely less frustrating than having your data stolen or misused. And usually, this important security method is both simple and easy.

So, here's to you, and all of us who are patients! To celebrate Patient Safety Awareness Week, companies responsible for the privacy and security of sensitive PII, such as patient information, should make two-factor authentication available for their systems, and patients and other users of accounts with sensitive PII should turn on two-factor authentication. It's not crazy!

Local Governments Rely on Preparation, Knowledge to Reinforce Cyber Readiness

By Kelly Mitchell

Prior to serving as Indiana's State Treasurer, I spent seven years as a county commissioner. In most counties, the commissioners serve as the county executive, so I was given a front-row seat to the complex processes of local government. That experience has proven tremendously informative in my current role, as I often work directly with local government units. From the financial programs of the Indiana Bond Bank to the broad resources of the Statewide 911 Board, I am in frequent communication with county and city personnel.

We've heard a lot about cybersecurity in the past few years, but much of the conversation has taken place at the state and federal levels. What many people don't realize is that local governments are among the most vulnerable to cyberattacks and, until recently, hadn't taken steps to protect themselves. In a 2020 survey of local government, IT executives by the Public Technology Institute, 54 percent said their elected officials were only somewhat engaged with cybersecurity efforts, and 23 percent said their elected officials were not engaged at all. Furthermore, two-thirds of IT executives reported their cybersecurity budget was inadequate.

It may be tempting to assume that this only happens in other places, especially local governments serving large, urban populations, but that isn't the case. Just last year, Lawrence County was hit by an attack that took most county systems offline for days. In 2019, LaPorte County was forced to pay a large ransom after a ransomware attack devastated their systems. Cybercrime can and does, happen in our own backyard.

We can work to fight this trend by arming ourselves with two weapons: preparation and knowledge. Thankfully, many counties have seen the trends in cybersecurity and are working diligently to protect themselves. In fact, 82 percent of IT executives reported their local government has a cybersecurity plan or strategy in place. Once a cyberattack has hit, it's too late.

Knowledge is an important weapon in our fight against cybercrime, Regular training for all government employees is a must. A workplace is only as protected as its vulnerable link. The Indiana Cybersecurity Hub features a wide range of helpful resources that include educational components, best practices, and emergency preparedness. I encourage you to visit the Hub to learn how you can better protect yourself.

My office partners with the Indiana Bond Bank to host a podcast, Days of Our Cyber Lives, which was created to bring awareness to issues relating to cybersecurity and to provide solutions and ideas for local governments. These episodes are packed with helpful information, and are a lot of fun, too!

The pursuit of cybersecurity is a race without a finish line. It requires constant education, vigilance, and time. Working together, we can continue to move the needle on this issue, and my office will continue to uncover new solutions for local governments.

Exposure Creates Perspective

PERSPECTIVES FROM THE FIELD SERIES

The strength of Indiana is that we bring together a variety of perspectives from the plethora of areas that touch the field of cyber, especially through the Indiana Executive Council on Cybersecurity (IECC). Hence the name "Perspectives From the Field Series" in which we invite experts to discuss the real and challenging issues we are facing in the field and the proposed solutions from the experts to better the lives and businesses of all Hoosiers.

In the second installment of our Series, we celebrate National Women's History Month, commemorating and encouraging the study, observance, and celebration of the vital role of women in American history, and honoring the many contributions made by women to history, culture, and society.

As part of our celebration, Tasha Phelps provides her real-world perspective as an accomplished entrepreneur. She discusses the disparities facing women and minorities in cyber and IT, while, at the same time, offering a different point of view to consider when bringing about greater opportunities for women in workplace development and significantly account for more of the 31,000 jobs that are expected by 2029.

By Tasha Phelps

The journey to entrepreneurship was (and still can be) a difficult challenge. Sometimes the road is smooth; sometimes the road has twists and turns; sometimes the road is an uphill battle! As a black, female, entrepreneur in technology for more than 20 years, I have many stories that I could share that would likely raise eyebrows or even turn smiles upside down, but would, undoubtedly, spark some conversations.

When I started my company in the late '90s, I started as a simple web developer, and "technology" looked nothing like what it looks like today. Everyone needed what I was selling at the time because web development was such a fairly new phenomenon for business. I didn't realize it, but I was on the cusp of a new industry that would totally change the way we communicate and secure information.

Though certified as a Minority Woman-Owned Business (MWBE) and being in technology (it wasn't called "IT" at the time), I typically felt like the outsider in a room, because I was often the only female. I listened to listen, absorb, and respond, but it wasn't until I was asked to speak at the ITEC 2008 Conference here in Indianapolis, that my voice was actually heard. I spoke on Business Continuity and the use of technology to sustain operations -- a conversation about cybersecurity that was just beginning to hit mainstream Corporate America.

Women in technology are out there -- no question, but women in CYBERSECURITY are few and far between. To that point, many organizations and initiatives in Indiana have formed to specifically feature women and offer them an opportunity to convene and discuss ways to grow and increase their visibility:

• Women & Hi-Tech established in 1999 is an organization that works to recognize women in STEM (Science, Technology, Engineering & Math) fields for their efforts and influence.
• Indy Women In Tech is an organization designed to inspire women and girls (of all ages) to pursue careers in STEM industries.

One component that hasn't expanded as vastly or as quickly, is the diversity of the women involved. The opportunities and the attention that many have given to inspire young girls to explore careers in STEM exists, but haven't been abundantly successful. In fact, one of the opinion contributors at USA Today published an article suggesting why this is so [read article].

Now that we've been exposed to the numbers and recognize the disparity in women/minority women in cybersecurity (or just technology in general), let's look at this from a different perspective. What can Hoosiers do (men and women) to inspire and encourage young girls to consider STEM careers? Here are a few suggestions:

1. Become a role model
2. Volunteer in organizations that specifically target this issue
3. Share your own story
4. Help minimize the fear of the industry
5. Get involved

The disparity of women and minorities in cybersecurity/technology is not insurmountable, and while business and industry begin to address Diversity and Inclusion across the board, those of us in IT can be intentional about addressing the disparities, specifically in technology.

#LetsDoThis! #OneIndiana

The Lack of Diversity in Cybersecurity

Perspective From The Field Series

The strength of Indiana is that we bring together a variety of perspectives from the plethora of areas that touch the field of cyber, especially through the Indiana Executive Council on Cybersecurity (IECC). Hence the name "Perspectives From the Field Series" in which we invite experts to discuss the real and challenging issues we are facing in the field and the proposed solutions from the experts to better the lives and businesses of all Hoosiers.

In the final blog installment celebrating #BlackHistoryMonth, we wanted to ask a valued member of the IECC and partner, Linda Calvin, who is the Vice President of the School of Information Technology at Ivy Tech, to talk frankly about where we are now with developing a workforce in cybersecurity to include African Americans, especially as the need for cyber professionals continues to grow.

By Linda Calvin

With the proliferation of the Internet of Things (IoT), now we have bad actors who want to hack into your smart homes, your smart devices, and even your cars. The Bureau of Labor Statistics states that information security analyst jobs are expected to grow 18 percent through 2024. Huge demand for cyber! However, the numbers of African Americans in cyber aren't improving. Why?

Linda Calvin's List of Whys

#1. What the heck is cybersecurity? Unless you live and breathe tech, cybersecurity seems like something out of a Tom Clancy novel or a Jason Bourne movie. Put simply: cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. With COVID, I saw more messages about how I needed to renew my Netflix subscription than I could count. I didn't have one in my name! A cyber professional identifies these phishing attempts and designs solutions to protect data. We need to make cybersecurity relatable and map it to passion and interest, then we can attract more talent of all genders and races.

#2. It's too technical. Attempts have been made to demystify cybersecurity by classifying it as non-technical. That's not the right approach. It's technical -- you have to understand the foundation of coding, but you don't have to be a Jedi codesmasher to enter the field of cybersecurity. You need to understand how to unpack a problem, have a robust intellectual curiosity with a desire to learn, logical thinking, and troubleshooting skills.

At Ivy Tech, in our nationally-recognized and accredited cyber program, we spend time helping students understand the basics before we dive into the advanced topics. And, sure, students are exposed to coding. But it's more about understanding those minefields hackers are creating for you than it is about you writing hundreds or thousands of lines of code.

#3. When you can see us, You can be us. We need to see more black cybersecurity role models. We do exist. There are organizations such as Blacks in Cybersecurity, the International Consortium of Minority Cybersecurity Professionals, influential black cybersecurity leaders, the Black Cybersecurity Association, and Women in Cybersecurity. We need more black leaders to be visible and we need cyber leaders to mentor and tell stories of why cybersecurity is important.

#4. The Song Remains the Same - Bias and Racism. The disparity in the lack of black or African American men and women in cyber can be attributed to the disparity in tech overall -- bias in hiring and racism. The tech industry, as a whole, has a poor report card on ethnic diversity. We address this by applying intentional analysis into hiring practices and deconstructing the false narratives that black people are not technical enough or have the requisite subject matter expertise to lead or work in cyber. It's a big challenge, but not insurmountable if we get tech leaders to root out bias in their organizations.

Why is it important to have more African American representation?

Diversity fuels innovation and studies prove this out. However, what we also know is that to build an application or design a process that serves a diverse audience, you must have diversity at the table. If we have homogenous voices designing security solutions, will those solutions ultimately encompass people of color, people of different socioeconomic statuses? It's critical that we get black adults and youth excited about cybersecurity and cyber hygiene! It's essential that we expose youth to cybersecurity in elementary school and middle school as they adopt more technology. To protect the workforce, we must reflect the workforce.

Career Experiences, Mentoring: Creating Opportunities in Cyber, Celebrating Black History Month

By Chetrice Mosley-Romero

When it comes to parties or parades, there's always a theme. It gives us a reason to celebrate.

And while it's true that the cybersecurity world isn't likely to get together anytime soon to host a parade or have a party on any sort of scale that draws a crowd, there is a theme to the activity we're seeing right now, in virtually every corner of the cyber world.

In a word, it's opportunity.

Everything from the advancements we see in technology to the progress that's made involving safer Internet protocols, especially as it involves protecting children and young adults, we see opportunity. The same is true with careers in cybersecurity and how many jobs are predicted to be created in the years to come. With it, comes the opportunity for mentoring and guiding young people to a more promising future.

Of course, as new opportunities emerge, it's because people have achieved success and, in some cases, are the first to do something that's never been done. In doing so, they made the most of their opportunities, even if it meant they did so while, at the same time, overcoming adversity.

In celebration of Black History Month, we noted in our most recent blog -- featuring Indiana State CIO Tracy Barnes' interview with Linda Cureton, known for her accomplishments as the first African American CIO at NASA -- the number of cybersecurity jobs is expected to rise as much as 31 percent through 2029.

Amid that promising forecast, Cureton shared her belief that the key to attracting people in any field is the desire that folks have for the community and seeing people like themselves. In offering her perspective, she pointed out the fact that "when you are the first, you don't have the benefit -- but you can give that benefit to others".

Following on Cureton's story, we are pleased to share with you -- and honor -- the careers and achievements of three African Americans, whose knowledge, reputations, and leadership in cybersecurity and IT are admired and highly respected, along with the tireless work and contributions they've made (and continue to make) in supporting humanitarian issues worldwide.

Among those whose stories we are pleased to share with you, include:

One of the foundations of Black History Month is celebrating the achievements of African Americans. And while it's true that these are but three inspiring stories, their noteworthy accomplishments are vividly illustrated in the hard work of all cyber professionals of color.TOMORROW: Be sure to visit our blog for the 3rd part in our series celebrating Black History Month, as Linda Calvin representing Ivy Tech Community College shares her experience as an African American woman, who is a leader in cybersecurity workforce development, what we are doing as an education industry, and her involvement in making a path to a career in cybersecurity more available to African Americans, women, and other minority groups.

State of Indiana CIO Tracy Barnes - Q&A with Linda Y. Cureton - First American CIO of NASA and Founder-CEO of Muse Technologies

In celebration of Black History Month - we are pleased to present the first of a 3-part Indiana Cyber Blog series highlighting the achievements of African Americans in Cybersecurity and Information Technology.

Tracy Barnes, Chief Information Officer for the State of Indiana, recently spoke with Linda Cureton, whose distinguished, 34-year career in civil service includes the distinction of serving as the first African American to serve as the Chief Information Officer at NASA.

Tracy Barnes: It's interesting to see not only the impact of what you were able to accomplish as a CIO in leading an organization, but I also found it remarkable the fact that you were able to apply your experience, skills, and knowledge across such a broad range of agencies -- everything from the Department of Justice and Energy to the Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF) to Space Exploration.

What do you attribute your ability to lead these agencies at such a high level, given the fact each of which operated within different cultures and disciplines and likely relied on different processes and applications?

Linda Cureton: The organizations are quite unique. One saying that I have is that the one thing unique organizations have in common is their uniqueness. In other words, a CIO will have to consider people, process, and technology at each organization she serves -- that's the commonality. However, each consideration of people, process, and technology will vary. For example, processes at the Department of Energy were born out of the healthy, but non-collaborative competition of the Manhattan Project; processes at the ATF (Bureau of Alcohol, Tobacco, Firearms, and Explosives) were born out of the necessity of facing life-threatening situations -- fire, ready, aim; and processes at NASA were based on science and scholarly argumentation. Thus, the technology and people aspects were similarly formed to conform to these cultural features. My ability to lead these agencies successfully resulted from my ability to clearly see these attributes.

Tracy Barnes: In reading an article highlighting some of the work (at the time) you were involved with at NASA, you described the task of transitioning to a new desktop service provider and the necessity of downshifting from 10 contracts down to one, saying that's "always a dicey situation for a CIO".

In terms of advancing technology and, perhaps, changing the culture of NASA, what lessons did it provide for you? And, to what extent did handling those "dicey situations" help you as a CIO? What impact do you believe it had in helping to improve NASA?

Linda Cureton: What helped in the transition at NASA was understanding that the sum of the 10 "parts" was greater than the whole. In other words, if one obtains 10 requirements and puts them on one enterprise contract, you will miss the requirement. There's a holistic aspect of "the enterprise" that is missing. For NASA, there were essentially three different security and networking requirements, not 10. The human space flight community needed highly secure, fast, low bandwidth requirements supporting astronauts, spacecraft, and satellites. The scientists needed low security and high bandwidth supporting exploration, experimentation, and information sharing. The administrative community was more security compliance-oriented with moderate bandwidth requirements. Aggregating these requirements would have been expensive and pleased few customers. The "dicey" situation for the CIO requires looking beyond the aggregation and developing enterprise solutions that meet the mission and business needs.

Tracy Barnes: One of the foundations of Black History Month is celebrating the achievements of African Americans. Speaking as a CIO, who is African American, there is a recognition for the responsibilities I possess and the path I've followed to make the decisions that best serve our employees, as well as serves the interests of all Hoosiers.

As the first African American to serve as a CIO -- first at the Goddard Space Center and, soon after that, NASA as an entire agency, how would you describe the challenges you dealt with along the way, and how would you say it's influenced your work? Your career?

Linda Cureton: The biggest challenge I faced was dealing with the notion that I was selected not because of my ability, but because of some need to address diversity and inclusion issues. In other words, I was selected to help with organizational diversity statistics and not with technology challenges. The situation did not improve as I was promoted to be the CIO of the entire agency because it was assumed, I was chosen because the country had just elected an African American President and not because of my ability. While I recognized my own capabilities of being a strategic advisor for NASA's mission of exploration, I cannot say I wasn't called to prove my abilities constantly. This was frustrating and disheartening.

Tracy Barnes: One of your (many) notable achievements involved establishing NASA's Office of Chief Technology Officer for IT "to focus on innovation and drive change through enterprise". Did it help you achieve the goal of creating a single agency vision for what IT should look like? How did it happen?

Linda Cureton: As technologically innovative as NASA's mission would suggest, the agency does not consider information technology as "technology". Information technology is thought of as more tactical than strategic -- like electricity, running water, or as one senior executive said to me, the toilets. I met a lot of resistance in establishing the office of the CTO of IT. However, whether it was through stubborn persistence or blind courage, I persevered and agreed to add the "of IT" to the title. The CTO for IT was able to advance an innovative agency vision for IT. One of the things I am most proud of is the work we did to create what was to become OpenStack. We created a private/hybrid cloud solution internally named Nebula. My team opened the solution to the open-source community enabling what would become OpenStack. We worked collaboratively with the industry, the agency's legal officials, and the open-source community to accomplish this goal.

Tracy Barnes: Cybersecurity is an integral part of information technology for advancing, as well as maintaining the security of an organization. It is my understanding you have a belief about how cybersecurity fits into this process. Can you share with us your approach and how that experience influenced your work?

Linda Cureton: When asked to contribute to this blog, my first response was -- I hate security. But why? I hate security because there is no such thing as security. I feel that this is an unpopular position because CIOs or CISOs are always advocating that complying with specific practices will provide security. This is fallacious. Back in the day, I favored continuous monitoring over the false confidence of compliance. I believed in the no-trust of the network and the need to implement protective measures as close to the data as practical. Today, I resist the fallacious notion of secure supply chains. We should presume insecure networks and supply chains developing strategies accordingly. My thoughts on cybersecurity strategy are inspired by the old movie "Star Trek II: The Wrath of Khan". Young Starfleet cadets were given a test mission of the Kobayashi Maru -- the no-win scenario. This test was passed only once, by the future hero James T. Kirk. The only way to pass was to change the game. I believe that the cybersecurity game needs to change -- otherwise, we keep losing and losing.

Tracy Barnes: What advice would you offer to people interested in pursuing a career in IT or cybersecurity?

Linda Cureton: I think the cybersecurity field needs to benefit from people who understand compliance requirements but have the emotional intelligence of understanding the changing nature of the adversaries and the behavioral aspects of the end-users. The field is overrepresented with compliance orientation with no knowledge of people and change management issues. A high emotional intelligence for folks pursuing a career in cyber will cause them to excel to the top of their profession.

Tracy Barnes: At a time when the number of cybersecurity jobs is expected to rise by as much as 31 percent through 2029, based on your experiences of overseeing entire agencies and organizations, what is the key to attracting more young people of color to cyber and IT?

Linda Cureton: I believe that the key to attracting people in any field is the desire that folks have for the community and seeing people like themselves. However, when you are the first, you don't have that benefit -- but you can give that benefit to others. The other thing that is needed is true mentorship and/or sponsorship. When I say true mentorship, for example, I don't mean the sterile "check-the-box" mentoring programs that are often established. We need mentoring which builds relationships over time and challenges both the mentor and the protege.

Tracy Barnes: In describing the contributions of the 58 women whose accomplishments in aerospace are well documented, you said they demonstrated what you called "leadership courage" -- "...the kind that helps someone overcome the fear that looks like voices in your head. It looks like the people saying you can't do it. It looks like a mountain too high to climb. But, that it's also the fear that motivates and that courage takes that fear and turns it into preparations for success".

Is that something you have lived by, in the work you accomplished over your career? Does it continue to influence you in leading Muse Technologies? How so?

Linda Cureton: This question has a long answer. I wrote a whole book called "The Leadership Muse: Inspiration for the 21st Century Hero-Leader". You can't be a hero without courage, and you can't have courage without fear. A new kind of leadership develops from a person with the passion of their convictions, the direction and intention of their purpose, and the power of their courage to lead change and accomplish the impossible. The Muse was the mythological goddesses of inspiration who offered divine encouragement. I founded Muse to attract a cadre of employees to create a company I wish I had as a CIO -- encouraging and helping through people, process, and technology to achieve the executive's IT vision.