How You Can Leverage $1.9 Billion To Improve Cybersecurity In Your Community

Recently, the Biden Administration passed an infrastructure bill which included about $1 trillion in funding to government cybersecurity. This shone a new and much-needed light on the fact that government organizations, and the people within them, should be aware and diligent when it comes to cyber threats.

Recently, a number of cybersecurity attacks showed the U.S. Government the importance of having a secure infrastructure, designed to withstand cyber threats. With so much of day-to-day life moving online both as a result of the pandemic and due to evolving technology, cyberattacks are more and more commonplace. However, state and local governments, especially ones located in more rural areas, are often ill-equipped to handle them.

With this funding, Senator Maggie Hassan, who was instrumental in getting the funds included in the bill for exactly this reason, hopes to provide state and local governments with the tools and resources necessary to strengthen their cybersecurity.

With these issues finally being brought to light and resources being diverted to them, it might be time to take a look at your own government branch and see where you can improve the cybersecurity measures within your own team of government employees.

State and local governments are not required to undertake any particular training or measures to improve cybersecurity. This both places the burden of responsibility on management and allows you to honestly evaluate the needs of your branch and request the appropriate resources.

Something as simple as providing your team with online resources and training can be crucial to strengthening cybersecurity and protecting the infrastructure and economy of your community.

Perhaps the more rural areas and their local governments were without resources to provide this sort of training to your team before. But now, with a new push towards not only encouraging reinforcement in this area, but also providing the funding to allow it, getting local government employees trained via simple, effective, and cheap online courses is easier than ever!

Cybersecurity in the Upcoming 2020 Elections

As the 2020 presidential election draws near, state and local government agencies are making preparations to counter present and future cybersecurity dangers that threaten to undermine our nation’s election process.

Last year, state and local governments suffered 162 ransomware incidents, and these attacks show no signs of letting up, even amid the global health crisis. 

To bolster the nation’s overall safety, the Cybersecurity and Infrastructure Security Agency has generated and released its plan for protecting not only the infrastructure of this year’s election but also the infrastructure utilized by campaigns and political parties. 

From disinformation campaigns to phishing attacks, CISA aims to identify and mitigate any security issues that might compromise the integrity of this election year. Some notable points from CISA’s plan include: 

  • Creating public awareness campaigns that discuss cybersecurity threats. 
  • Providing local and state cybersecurity officials, as well as private companies that provide voting equipment, with additional information about security threats. 
  • At the local level, helping to develop incident response and crisis communication plans. 
  • Offering services such as physical security assessments, remote penetration testing, and vulnerability scanning, among others. 
  • Conducting voluntary security assessments.
  • Working with private firms and briefing staffers about the best practices to follow regarding campaigns.
  • Providing the public and elected officials with information concerning foreign influence campaigns. 

Although these measures are being taken, CISA Director Christopher Krebs stated that much of the responsibility of securing the voting infrastructure will fall to the state and local government agencies.

Below you’ll find a list of enacted and pending bills relating to cybersecurity that have been made at the state level. 

State-Level Cybersecurity Bills: Enacted

  1. Alabama | AL S 54 – Status: Enacted, Chap. 98: Insurers and other entities licensed by the Department of Insurance must develop, implement, and maintain an information security program. It also provides for reporting to the Commissioner of Insurance, the confidentiality of provided information, and for civil penalties under certain conditions.
  2. California | CA A 74 – Status: Enacted, Chap. 23: Makes appropriations for the support of state government for the fiscal year and provides that activities performed by the office shall be designed to minimize overlap. It also works in coordination with statewide cybersecurity efforts. 
  3. Florida | FL H 5301 – Status: Enacted, Chap. 2019-118: Requires the designation of a state chief information security officer and creates the Florida Cybersecurity Task Force.    
  4. Florida | FL S 2500 – Status: Enacted, Chap. 115: Makes appropriations, including funds to county supervisors of elections for cybersecurity initiatives. 
  5. Georgia | GA H 30 – Status: Enacted, Chap. 3: Appropriates funds to the Georgia Cyber Innovation and Training Center to enhance cybersecurity technology for private and public industries through unique education, training, research, and practical applications.
  6. Georgia | GA H 31 – Status: Enacted, Chap. 319: Appropriates funds for cybersecurity training and cybersecurity initiatives in schools.
  7. Iowa | IA H 692 – Status: Enacted: Provides for penalties for using voter registration information, including resale or redistribution of the voter registration list without written permission of the state registrar, for purposes other than those permitted.
  8. Louisiana | LA H 74 – Status: Enacted, Chap. 292: Creates the crime of trespass against state computers, provides for elements of the crime, and also provides for criminal penalties.
  9. Mississippi | MS S 2831 – Status: Enacted: Establishes the Insurance Data Security Law and provides the purpose and intent of the act. It also defines certain terms within the act, requiring insurance licensees in the state to develop, implement, and maintain an information security program. The bill further requires certain notification, investigation, and confidentiality in a cybersecurity event.
  10. Montana | MT H.B. 2 – Status: Enacted, Chap. 483: This bill appropriates money to various state agencies for the upcoming biennium, including funding for many relevant cybersecurity programs and technologies, including next-generation antivirus software, cybersecurity staff, cybersecurity student programs, and many more. The State Information Technology Services Division will report to the legislative finance committee quarterly on the Montana Cybersecurity Enhancement Project.
  11. North Dakota | ND S 2110 – Status: Enacted, Chap. 468: Expands the powers and duties of the Information Technology Department to oversee cybersecurity strategy for all executive branch state agencies. This includes institutions under the control of the State Board of Higher Education, counties, cities, school districts, or other political subdivisions.
  12. Nebraska | S.B. 123 – Status: Enacted, Chap. 546: This bill enacts provisions governing the security and integrity of elections, requiring an annual training class on cybersecurity for those who administer elections. Any records of the Secretary of State or county or city clerk related to election information are confidential and not public records. They may be disclosed only under limited circumstances. 
  13. New Jersey | NJ S 2297 – Status: Enacted, Chap. 213: Revises provisions relating to the State Blockchain Initiative Task Force. 
  14. Nevada | NV S 69 – Status: Enacted, Chap. 392: Revises provisions relating to emergencies and cybersecurity.
  15. Nevada | NV S 123 – Status: Enacted, Chap. 546: Revises provisions relating to elections.
  16. Ohio | OH H 166 – Status: Enacted, Chap. 10: This bill provides funding for cybersecurity initiatives, including the establishment of a cyber range. The cyber range will: (1) provide cyber training and education to K-12 students, higher education students, Ohio National Guardsmen, federal employees, and state and local government employees, and (2) provide for emergency preparedness exercises and training for cybersecurity.
  17. Oklahoma | OK S 261 – Status: Enacted, Chap. 163: Relates to the security of election materials, coercion, and election emergencies. The bill also authorizes post-election audits for certain purposes, provides procedures, and specifies the duties of the Secretary of State Election Board and the Secretary of County Election Board. It also specifies requirements relating to office space and arrangements for county election boards while prohibiting the providing of false or misleading information to prevent registration or voting.
  18. Virginia | VA H 5001a – Status: Enacted, Chap. 1: Revises the budget bill; makes appropriations to various state agencies and programs, including cybersecurity programs.
  19. West Virginia | WV H 2452 – Status: Enacted, Act 123: Creates the West Virginia Cybersecurity Office and removes the requirement that the Chief Technology Officer oversee the security of government information. It also provides that the Chief Information Security Officer oversees said office and is authorized to create a cybersecurity framework to assist and provide guidance to agencies in cyber risk strategy.

State-Level Cybersecurity Bills: Pending

  1. Georgia | GA S 21 – Status: Pending – Carryover: Will require each local board of education to prescribe mandatory instruction concerning cybersecurity every year in every grade, from kindergarten through grade 12. It will also require the State Board of Education to prescribe a minimum course of study in cybersecurity, providing for duties of the State School Superintendent. 
  2. Illinois | IL H 2829 – Status: Pending: Will create the Financial Institution Cybersecurity Act. The bill provides that persons and entities operating under the authority of the Secretary of Financial and Professional Regulation under the Banking Act, the Insurance Code, the Savings Bank Act, the Credit Union Act, the Corporate Fiduciary Act, and the Residential Mortgage License Act must maintain a cybersecurity program to protect the confidentiality of their information system.
  3. Illinois | IL H 3017 – Status: Pending: Will create the Veterans Cyber Academy Pilot Program Act and provides that the Department of Veterans’ Affairs shall establish and implement a pilot program to provide veterans residing in the state with access to cyber security training, certification, apprenticeships, and additional resources to enter the cyber security field of work. The pilot program shall run from January 1, 2021 to December 31, 2023. The bill also provides specific requirements to the department in implementing the pilot program.
  4. Michigan | MI H 4348 – Status: Pending: This bill provides executive recommendations for an omnibus bill, including funding for improvement of the state’s cybersecurity framework.
  5. Minnesota | MN H 17 – Status: Pending – Carryover: Appropriates money from the Help America Vote Act account for certain authorized purposes and provides for the purposes of modernizing, securing, and updating the statewide voter registration system and for cybersecurity upgrades as authorized by federal law.

Needless to say, states and their local government agencies are going to be making a considerable effort to keep this election year secure and free of external interference. 

The federal government has made notable progress towards improved cybersecurity with the founding of CISA and other agencies, but much of our digital safety is still in the hands of local government organizations like yours. 

Staying Ahead of the Curve with Cybersecurity

With these new laws turning cybersecurity training into a requirement, it’s important that your organization be outfitted with courses that don’t just meet the educational standards but are also convenient and easily accessible to your employees. 

Since everyone is still working from home, getting your people into the office for training isn’t an option for most employers, which is one of the reasons that our online training solutions are ideal.

We offer current and on-demand courses dedicated to Cyber Security, which you can consume on your schedule.

As an ETS Learner, you also receive access to over 60 state and national affiliations and accreditations courses, the completion certificates, and the option to print course materials when needed.

Let’s all do our part in keeping our organizations, our people, and our elections safe from cyberthreats. 

Experience the proven, easy-to-use, and cost-effective benefits of online training by scheduling your free online training consultation today!

Schedule Free Consultation

SWOT Analysis and Your IT System Security

Is your government organization’s IT system secure?

This is something that may be difficult to properly determine due to the constantly evolving nature of IT systems in general. 

Why? 

Because the security standards that were in place during the initial set-up of your IT systems (or even when you last updated them) may no longer meet the standards of today. 

Given the rise in cybersecurity attacks in recent years, properly assessing the security of these systems may mean the difference between enjoying another smooth workday and having to deal with a troubling data breach. 

A simple way to evaluate the security of your IT systems is through the use of a SWOT analysis. For anyone unfamiliar with the acronym, SWOT stands for Strengths, Weaknesses, Opportunities, and Threats.

The exercise involves the identification of internal and external issues that work in favor of or to the detriment of the health and security of your IT systems. 

This approach to IT security works best when performed systematically which, in short, means defining your security objectives before initiating the SWOT analysis. 

These objectives can be anything from reducing the chances of cybersecurity breaches to determining the vulnerability of your organization’s Internet of Things (IoT) devices.

There are many options to choose from, but a good rule of thumb is to ensure that whatever objectives you set can be measured with relevant metrics. 

Now that we’ve covered the basics, it’s time to take a closer look at some example Strengths, Weaknesses, Opportunities, and Threats that may be relevant to your local government organization.

Strengths 

For smaller local governments, one strength can be the size of the organization. 

A larger organization can have more loose ends that are difficult to tie down, while a smaller organization may be nimbler, have tighter internal communication, and be easier to keep secure.

Another strength may be the number of IoT devices in use, such as cameras, routers, etc. Does your data center exist in a climate-controlled environment? If so, this would also be a strength since it increases system reliability, which reduces potential downtime. 

Weaknesses

Determining the weaknesses of your organization’s IT system can be a bit trickier than pinpointing its strengths. 

Most weaknesses tend to be technical in nature, and as a result, they can be as small as having poor cable management or as large as lacking an overall patch management system. 

The important thing when identifying weaknesses is to ensure that they are well-defined so that it is easy to act on them. 

Some other weaknesses might include a lack of antivirus programs, not employing a reasonable number of staff on tech support, or not having a defined security culture within the organization.  

Opportunities  

Unlike weaknesses, identifying opportunities for your IT systems can be a fairly straightforward process. Are there new software tools that can improve your security? What about tools that could automate previously manual processes? 

Does your organization have a surplus of funds, and if so, would it make sense to allocate them to your IT department? Such opportunities are typically low in cost and can save your organization a vast amount of time, money, and energy if acted upon.

Threats

Threats, like opportunities, are generally easy to define. For instance, open Wi-Fi connections are an obvious threat as they grant network access to individuals with malicious intent. 

Another threat that is easy to overlook is the age of your computer systems, since older systems may slow productivity and result in unnecessary downtime. 

Depending on the location of your organization, it may be prudent to consider environmental threats to your IT systems. Would your data centers be susceptible to damage via earthquakes? What about hurricanes? 

Identifying these threats may also help you recognize opportunities. For instance, if most of your data centers are on-site, it may make sense to experiment with cloud storage. 

How to Begin Your SWOT Analysis 

The first place to begin a SWOT analysis is with a good template, which can be found in the document linked here. There are other templates online that may better suit your organization, so feel free to look elsewhere. The next step is to begin the security assessment.

Attempting to assess the security of your organization’s IT system can be a difficult internal task for many reasons. One reason may be that your team is too close to the problem to clearly see it. Another might be that your entire team is too busy to deal with it appropriately.

These barriers, among others, are why hiring an experienced outside assessor could help. Someone with expertise in this area would be able to smoothly analyze all four parts of your IT system’s SWOT without much difficulty. 

If your organization has neither the time to handle a full SWOT analysis on your own, nor the budget to hire an external assessor, don’t worry. 

Another viable exercise is to set up a two-day workshop where everyone within the IT department of your organization brainstorms a list of strengths, opportunities, weaknesses, and threats. 

This would by no means be as thorough as a formal SWOT analysis, but the effort could still go a long way. 

The most important thing is to take action sooner rather than later, especially since the number of cybersecurity threats aimed at government organizations is only going to increase as technology inevitably continues to advance.

Expert Cybersecurity Tips on Demand

Understanding how to conduct a formal SWOT analysis is important, but it’s only one facet of protecting your IT system from cybersecurity attacks. 

To continue your learning, ETS offers a wide selection of quality videos, ebooks, and courses covering a variety of IT and management-related topics.

Become proficient in relevant subjects such as phishing, malware, ransomware, and more. You’ll gain access to the knowledge needed to improve your system’s security so that, when the next threat comes your way, you’ll be more than ready. 

Schedule your free consultation to learn more.

The Top 5 Cybersecurity Threats to Schools (And How You Combat Them)

 

Cybersecurity threats in schools are growing and demand immediate attention to protect everyone’s sensitive information.

Since January of 2016, there have been 418 cybersecurity incidents (and counting) in K-12 schools across the United States.

That number will continue climbing if schools don’t tighten their IT security.

But why are hackers targeting schools?

Well, according to Mary Kavaney, the chief operating officer of the Global Cyber Alliance, “school environments often don’t have a lot of technology resources dedicated to security, but have some of the richest personal information on people, including social security numbers, birth dates, and, potentially, medical and financial information.”

She went on to say, “If bad actors can access student [personal data], that information can be exploited for the purpose of fraud and committing crimes for years before it is detected. It’s often only upon application for a job, or application for financial aid to attend college that students find out that their social security number has been used fraudulently — they may have poor credit due to false applications against their history, or worse, find that crime has been committed in their name.”

To solve this problem, schools first have to know what techniques cyberattackers use to hack their school.

The Top Cybersecurity Threats Facing Schools

According to CoSN (the Consortium for School Networking), there are 5 major cybersecurity threats schools need to be aware of. They are:

Phishing

We wrote about phishing in this post on cybersecurity tips for employees. It’s one of the most effective and dangerous hacking techniques.

Phishing is simple: a hacker sends an email pretending to be someone they’re not (like a personal acquaintance, coworker, vendor, etc.) and usually asks you to click a link within the email. The link can install malware on your system, allowing the hacker to access personal information or move from your computer to someone else’s to reach more data.

DDoS

DDoS attacks are another favorite of cyberattackers.

It works like this: hackers build a network of infected computers (a botnet) and use it to flood your server with traffic, crashing it. While your data won’t be stolen, it can certainly be lost, along with plenty of worker productivity and money as a result.

Data Breach

A data breach is the big one everyone should worry about, for good reason. It’s how hackers steal identities, credit cards, and any other valuable information that can be abused or sold.

According to the Identity Theft Resource Center (ITRC), “The number of U.S. data breach incidents tracked in 2017 hit a new record high of 1,579 breaches.” That means there’s been a “44.7% increase over the record high figures reported for 2016.”

Ransomware

Ransomware is one of the scariest cybersecurity threats out there. Hackers infiltrate your computer (through other techniques like phishing) and then encrypt your data and require you to pay a ransom to regain access to the data.

The most infamous ransomware is WannaCry, which infiltrated over 200,000 computers in 150 countries in 2017.

IoT Vulnerabilities

The “Internet of Things” (IoT) is a growing line of devices, appliances, and other objects that are connected to the internet. From watches to coffee grinders to thermostats, these little machines offer new innovations and many more dangers.

Many IoT devices aren’t regularly updated and often lack the security measures required to prevent hacking attempts.

How to Combat Cybersecurity Threats in Schools

Schools are vulnerable, as we’ve made abundantly clear in this post.

But you can protect your school, your students, and your data from hackers.

One way to do it:

Train K-12 students in cybersecurity.

This gets students involved in hunting for cybersecurity solutions and potentially prevents some students from launching their own hacking attacks against their school.

Plus, they may be able to help administrators ward off attacks.

The only thing needed is an on-demand portal where students can learn basic and advanced cybersecurity skills in the classroom, the bedroom, or on the go.

Enterprise Solutions can be that portal.

We offer books, videos, and courses on topics such as:

  • Cybersecurity and Cyberwar: What Everyone Needs To Know
  • Cybersecurity: Public Sector Threats and Responses
  • Implementing the NIST Cybersecurity Framework

And much more.

To get started, claim your free 14-day trial of Enterprise Systems below.

Local Government Cybersecurity: It’s (Really) Bad, but You Can Save It

 

Local government cybersecurity is currently highly insecure, but the situation can be improved.

Local government cybersecurity is in bad shape, and many local governments are being attacked at an escalating rate as a consequence.

Atlanta’s municipal government was crippled by a ransomware attack.

Baltimore’s 911 dispatch system was hacked by an unknown person or group.

The city of Allentown, Pennsylvania was attacked by malware known as Emotet.

And more than 2,000 Windows-based computers at CDOT offices in Colorado were brought down by a virus known as SamSam.

What do all these attacks have in common?

They all involve local governments and they all happened earlier this year.

Your local government could be next.

To help you prevent a potential attack, we’ll show you why local government cybersecurity is in such poor condition, the top threats local governments face, and a few surefire local government IT solutions you can implement immediately.

How Bad is State and Local Government Cybersecurity?

Really, really bad.

At least, according to the Cybersecurity 2016 Survey conducted by the International City/County Management Association (ICMA), in partnership with the University of Maryland, Baltimore County (UMBC).

Here’s what they found:

  • 44% of all respondents said they experience cyberattacks on a daily basis
  • 39.9% of local governments DO NOT catalog and count attacks
  • 66.4% of local governments use an informal system of cybersecurity management, as opposed to a formal system
  • 62.4% of local governments have NO IDEA whether they’re being breached or not
  • 51.3% of local governments say they’re not practicing better cybersecurity because they receive no end-user training whatsoever

These are dismal findings and point to a worrying lack of proactive steps being taken to protect vital information and infrastructure in local governments across the nation.

The most disturbing data point is the non-existence of cybersecurity training for end-users, since end-users are the most likely to fall prey to a hacker’s traps and tricks.

Without a formal system of cybersecurity, a record of attacks, and proper cybersecurity training, you’re exposing your agency to a variety of serious cyberthreats.

What are the Greatest Cybersecurity Threats to Local Governments?

We recently listed cybersecurity predictions for 2018 that don’t look good, but we didn’t focus specifically on cyberthreats.

So we looked at what others predict as the greatest cyberthreats to local government. Here are a few we found from OneNeck IT Solutions:

Distributed Denial of Service (DDoS) Attack

A DDoS attack is a cyberthreat that attempts to shut down a system or make it inoperable by flooding it with traffic from multiple sources.

Hackers build networks of infected computers, called botnets, by spreading malicious software to machines – allowing them to control those infected computers remotely to carry out a DDoS attack.

This is a favorite attack used against governments. Even the NSA website was brought down by a DDoS attack.

Social Engineering

Social engineering is a catch-all term that refers to various methods of manipulation used against end-users to install malware or steal data.

Phishing is one of the most common forms of social engineering. It relies on fake emails embedded with malicious links that install malware when clicked or fake websites that steal your login information after you’ve entered it.

All forms of social engineering attempt to trick you into giving the hackers control over your machine or access to information they can use to extort your agency.

Advanced Persistent Threats (APT)

APT is a set of continuous computer hacking processes that use stealth tactics to infiltrate your network and remain undetected for as long as it takes to gain access to privileged information and steal sensitive data.

APT attacks may initially use phishing or any other social engineering scam to create one or multiple backdoor entry points, allowing other hackers to worm their way into your network, slowly chipping away at the rest of your IT security layer until they’re discovered or achieve their objective.

How to Improve Government IT Security

The sad state of local government cybersecurity combined with the dangerous cyberthreats they face paints a grim picture for the future, but all is not lost.

There are numerous steps local governments can take to improve IT security across their organization.

Here are some of the most important steps you can take today and into the future:

Perform a Security Assessment

How do you know if your local government is secure?

By inspecting and testing your entire IT infrastructure to identify and secure weaknesses externally and internally.

By knowing your vulnerabilities, you can direct your limited resources to fix the weakest links in your cybersecurity chain.

Work Together with Other Governments

Governments from the federal to the state and local level are under attack from cybercriminals. To beat them, governments need to join forces to share knowledge and resources.

Intergovernmental cooperation strengthens your cybersecurity position by letting you learn from the successes and failures of other governments’ IT security policies while giving you access to experts you may not have in your agency.

Outsource IT Security

Speaking of IT security experts, they’re not always kept in-house. And in many cases, IT experts who are trained to handle the looming threats of today (while anticipating the threats of the future) are difficult to find in the public sector.

That’s why many local governments choose to outsource their IT services.

Plus, since the lack of appropriate funding is often pointed to as one of the biggest reasons why robust cybersecurity in local governments is lacking, it makes sense to hire a private company that will cost far less than hiring in-house staff.

Enable User Access Management

User access management, also called privileged access management (PAM), is a method of controlling what information each team member can access.

Since end-users are typically the weakest cybersecurity links in your organization, and hackers rely on tricking them to gain access to more privileged information, it logically follows that you should restrict end-users’ access to sensitive information whenever possible.

Most people in most positions only need a specific set of data to do their jobs.

Therefore, they should be restricted from accessing any information outside of that core data set to protect your agency from infiltration in the case that an end-user falls victim to a phishing attack, for example.

Adopt the NIST Framework

The NIST Framework provides a common language and systematic methodology for managing cybersecurity risks.

The latest version of the NIST framework was released on April 16, 2018.

According to Secretary of Commerce Wilbur Ross, “The voluntary NIST Cybersecurity Framework should be every company’s first line of defense. Adopting version 1.1 is a must do for all CEO’s.”

But it’s not just made for the private sector. The NIST Framework has been successfully adopted by federal, state, and local governments.

According to NIST Director Walter G. Copan, “The release of the Cybersecurity Framework Version 1.1 is a significant advance that truly reflects the success of the public-private model for addressing cybersecurity challenges.”

Establish a Cybersecurity Culture

Every employee in your agency should be hyper-vigilant against impending cyberthreats.

It’s not just managers, commissioners, and elected executives who have to worry about these threats. In fact, it’s their job to instill a cybersecurity awareness culture from the top-down.

In the same way that you can create a culture of continuous learning in your agency, you should attempt to create a culture of continuous cybersecurity learning and training in your agency.

Train Your Employees

We’ve been harping heavily on the vulnerability of end-users, which is why the most important cybersecurity tip we can offer you is to train your employees.

There’s no high-tech substitute for smart, safe, and knowledgeable employees. They are your last line of defense against threats.

A hacker can send out all the phishing emails he wants, bypassing all your internet and email security systems. But if none of your employees fall for the scam, your data will remain safe.

So what’s the best way to train your employees in cybersecurity?

Find and use high-quality cybersecurity training resources.

But where can you find cybersecurity training made specifically for local governments?

Right here at Enterprise Training. Below are just a few of the many guides we have available for you.

  • Cyber Threat!: How to Manage the Growing Risk of Cyber Attacks reveals the extent of the cybersecurity problem, and provides a plan to change course and better manage and protect critical information.
  • Cyber Security Culture: Counteracting Cyber Threats through Organizational Learning and Training provides in-depth research to assist managers in forming policies that prevent cyber intrusions, put robust security systems and procedures in place, and arrange appropriate training interventions.
  • The Information Systems Security Officers Guide: Establishing and Managing a Cyber Security Program Third Edition provides information on how to combat the ever-changing myriad of threats security professionals face by presenting practical advice on establishing, managing, and evaluating a successful information protection program in a corporation or government agency.

If you want these guides and even more cybersecurity training, then contact us below to get started with a free 14-day trial of Enterprise Training.

Experience the proven, easy-to-use, and cost-effective benefits of online training by scheduling your free online training consultation today!


6 Cybersecurity Predictions for 2018 That Don’t Look Good

 

Our cybersecurity predictions for 2018 see old threats and new threats rising up

Cybercrime is escalating, and no one is safe.

The costs of data breaches will reach $2.1 trillion globally by 2019, according to Juniper Research.

That’s 4x the estimated cost of data breaches in 2015.

Major corporations like Equifax have been breached, while major city governments like Atlanta’s were shut down and extorted earlier this year.

Unfortunately, things will get worse before they get better.

Below we list our cybersecurity predictions for 2018 and beyond.

Our hope is that this list will help you identify and guard against increasing cyberattacks.

Top Cybersecurity Predictions for 2018

Simple Password Logins Are Increasingly Risky

81% of hacking-related breaches leveraged stolen and/or weak passwords, according to the 2017 Data Breach Investigations Report from Verizon.

This trend is predicted to continue if companies and governments don’t use stronger logins such as multi-factor authentication or risk-based authentication.

Cyberattackers Will Rely on AI to Hack Your Data

Why do the work yourself when a computer can do it for you?

That’s exactly what many hackers thought as they began implementing AI-powered cyberattacks.

Here are a few ways hackers can execute attacks using AI:

  • Phishing, spam, and fraud using chatbots
  • AI-powered password hacking
  • AI attacks on AI cybersecurity software

Attacks on IoT Devices Will Rise

It’s only getting easier for hackers to infiltrate the Internet of Things. That’s partly driven by the increasing prevalence of IoT devices.

More than half of major new business processes and systems will incorporate some element of the Internet of Things by 2020, according to Gartner, Inc. This applies to government agencies as well.

The most common method used to hack an IoT device is a botnet – a collection of compromised IoT devices, such as cameras, routers, DVRs, wearables and other embedded technologies, infected with malware.

IoT botnets spread fast, attempting to infect as many devices as possible, potentially compromising hundreds of thousands of machines.

The infamous Reaper botnet alone infected a million networks.

Carefully choosing what IoT devices you use and don’t use is one of the few ways to minimize these types of attacks until security for these devices becomes more robust and effective.

Cyber-Hijacking Will Become More Commonplace

As more transportation systems operate automatically (without safeguarding their software), hackers will be able to hijack their systems remotely and demand a ransom before relinquishing control.

Charlie Miller and Chris Valasek demonstrated their “zero-day exploit” on a Jeep Grand Cherokee back in 2015 – software that lets hackers send commands through the Jeep’s system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.

The rise of self-driving cars in the next few years will make this issue even more urgent.

GDPR Will Force Companies and Governments Globally to Strengthen Security or Face Stiff Fines

The General Data Protection Regulation (GDPR) will come into effect on May 25, 2018 and will mark a new era of mandatory cybersecurity compliance in the EU and across the world.

The GDPR was “designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.”

While the GDPR can be seen as a big step in the right direction, it does scare many businesses and governments globally who are far away from complying with these new regulations.

Some U.S.-based companies will fall under the jurisdiction of GDPR if they operate in other countries or target customers in other countries.

And if companies or governments under the jurisdiction of the GDPR don’t report a breach to a regulator within 72 hours, they could face fines of 2-4 percent of global revenue.

State-Sponsored Cyberattacks Will Increase

As cyberattacks become cheaper and easier than traditional warfare, hostile Governments will naturally use them more and more to exploit their rivals’ vulnerabilities.

According to The Hill, “A suspected North Korean hacking campaign has expanded to targets in 17 different countries, including the U.S., pilfering information on critical infrastructure, telecommunications and entertainment organizations, researchers say.

Cybersecurity firm McAfee released new research on the hacking campaign this week, calling it Operation GhostSecret and describing the attackers as having “significant capabilities” to develop and use multiple cyber tools and rapidly expand operations across the globe.”

That’s just one example in a string of examples of States initiating cyberattacks on other States.

Governments must ensure that their networks are isolated from the internet, their systems are extensively checked regularly, and their employees are trained to identify and prevent cyberattacks.

What Can You Do to Guard Against These Cybersecurity Threats in 2018?

Knowing your enemy is only half the battle.

The second half is knowing how to prevent them from attacking you and knowing what to do if you are attacked.

We’ve compiled a few critical resources to help you train your employees and protect your agency against cybercriminals.

  • Cyber Threat!: How to Manage the Growing Risk of Cyber Attacks reveals the extent of the cybersecurity problem, and provides a plan to change course and better manage and protect critical information.
  • Cyber Security Culture: Counteracting Cyber Threats through Organizational Learning and Training provides in-depth research to assist managers in forming policies that prevent cyber intrusions, put robust security systems and procedures in place, and arrange appropriate training interventions.
  • The Information Systems Security Officers Guide: Establishing and Managing a Cyber Security Program Third Edition provides information on how to combat the ever-changing myriad of threats security professionals face by presenting practical advice on establishing, managing, and evaluating a successful information protection program in a corporation or government agency.

If you want to discover powerful tools, tactics, and strategies for protecting your organization against cyberattacks, then you need to get these critical guides.

How do you get them?

By contacting us directly and getting a free 14-day trial of Enterprise Training below.

Experience the proven, easy-to-use, and cost-effective benefits of online training by scheduling your free online training consultation today!


8 Cybersecurity Tips Your Employees Need to Know

Every Government agency needs to teach their employees basic cybersecurity tips

Your Government agency is in danger.

Sam Kim, the Chief Information Officer of Clark County, told Government Technology that “Local Governments are attractive targets [for cybercriminals]…regardless of how big or small you are, you need to be vigilant.”

These remarks underscore the necessity of actionable cybersecurity tips, advice, and knowledge that so many agencies lack.

But it’s not you – IT professionals – that are lacking in this knowledge.

It’s everyone else.

The end user is the most dangerous IT security liability in your agency.

The IBM Security Services 2014 Cyber Security Intelligence Index report found an incredible and disturbing trend:

Of nearly 1,000 clients in 133 countries, over 95% of all cybersecurity incidents involved “human error” as a contributing factor.

According to the report, “The most commonly recorded form of human errors include system misconfiguration, poor patch management, use of default usernames and passwords or easy-to-guess passwords, lost laptops or mobile devices, and disclosure of regulated information via use of an incorrect email address.”

With Cybersecurity Awareness Month beginning in 2 days, it’s the perfect time to help your co-workers brush up on their IT security knowledge.

8 Cybersecurity Tips for Protecting Your Agency

Here are 8 cybersecurity tips that you can use to help the end users in your agency recommit to cybersecurity best practices.

We’ve also included a few ideas on how you can educate your employees on these tips to help you create a basic program for educating, training, and encouraging everyone in your agency to play a proactive role in protecting your organization from cyberattackers.

Create Strong Passwords

This is an essential cybersecurity tip for people who don’t quite understand the nuances of IT security and the risks of an easy-to-hack password.

Let them know that one of the most powerful security organizations in the world, the Department of Homeland Security, specifically suggests these tips:

  • Never use your name, or the names of your kids or pets, or any other easily findable information about yourself
  • Don’t use common passwords
  • Break up your passwords with marks and symbols like @, !, #, 1, 9, etc.
  • Always use a combination of lowercase and uppercase letters

You should also consider implementing a “password change policy” that mandates a routine password change every 45-90 days, with an explicit rule against using the same password over and over again but with a different number or character at the end (we’re sure you’re well aware of THAT guy).
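The four tips and the change policy above can be enforced at password-change time instead of left to memory. The checker below is an added example, not code from the original article or from the Department of Homeland Security; the function names, the small deny-list and the sample values are assumptions made for illustration.

```python
import re

# Constructed sample deny-list; a real deployment would load a much larger one.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome"}


def _strip_suffix(password):
    """Drop trailing digits/symbols so 'Lantern42' and 'Lantern43' share a base."""
    return re.sub(r"[\d\W_]+$", "", password).lower()


def check_password(candidate, personal_terms, previous_passwords):
    """Return a list of rule violations; an empty list means the candidate passes.

    personal_terms: names of the user, kids, pets, etc. (assumed to come from HR data).
    previous_passwords: plaintext shown here for clarity only. In practice the
    comparison runs at change time against the old password the user just typed,
    because stored passwords should exist only as salted hashes.
    """
    problems = []
    lowered = candidate.lower()

    # Tip 1: no names or other easily findable personal information.
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in lowered:
            problems.append("contains personal information: " + term)

    # Tip 2: no common passwords, even with digits or symbols tacked on.
    if lowered in COMMON_PASSWORDS or _strip_suffix(candidate) in COMMON_PASSWORDS:
        problems.append("is a common password")

    # Tip 3: broken up with marks, symbols or digits.
    if not re.search(r"[\d\W_]", candidate):
        problems.append("has no digit or symbol")

    # Tip 4: combination of lowercase and uppercase letters.
    if not (re.search(r"[a-z]", candidate) and re.search(r"[A-Z]", candidate)):
        problems.append("does not mix lowercase and uppercase")

    # Change policy: reject the same password with a different ending.
    base = _strip_suffix(candidate)
    for old in previous_passwords:
        if candidate == old or (base and base == _strip_suffix(old)):
            problems.append("reuses a previous password with a different ending")
            break

    return problems


if __name__ == "__main__":
    # Constructed sample input.
    for pw in ("Harbor!Lantern43", "Password1!", "rexrules"):
        print(pw, "->", check_password(pw, ["Rex"], ["Harbor!Lantern42"]))
```

Returning every violation at once, rather than stopping at the first, lets the change form tell the user everything to fix in a single attempt.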

Lock up All Your Devices Whenever You Leave Them

When your employees leave to take a lunch break, go to the bathroom, or go home at the end of the day, you need to make sure they always remember to lock their computer, tablet, phone, or other device that stores sensitive information.

The few minutes it takes for them to grab a snack or smoke a cigarette is all the time a malicious insider needs to steal valuable data.

There are 2 things you can do to get your employees in the habit of locking their machines:

You can play the “Donuts Game” and/or you can encourage “Goating.”

Both are humorous, fun, and effective ways to get everyone involved in identifying bad security practices.

Be Aware of Phishing Emails

This is an essential and easily forgotten cybersecurity tip:

Be hypervigilant regarding your email and links in your email – you might be getting “phished.”

You have to repeat this over and over and over again to people who don’t live and breathe cybersecurity.

Educate your employees about phishing and tell them that it’s one of the most common email scams out there.

Let them know how it works:

  • The “phisher” poses as a legitimate business, agency, or person and sends you a spoofed message.
  • The message is usually urgent, and the sender will almost always ask you to click on a link to resolve the issue.
  • Once you click on the link, it will either install malware on your device or send you to a spoofed website that steals the information you input into it.

And let them know how to avoid being phished:

  • Double-check the sender to verify it’s an email address you recognize.
  • Look for blatant and consistent spelling errors in the body of the email (this is a hallmark of both spam and phishing emails).
  • Contact the sender directly, either in person or by phone, to verify that they actually sent you an email.

Install an Antivirus

We know some IT security experts don’t use antivirus, while others argue that antivirus is still important.

One thing we can all agree on is that the end user absolutely needs an antivirus because they’re far more likely to engage in riskier behavior than you are.

The 2017 Government Internet Security Threat Report offered a staggering statistic that you could pass on to your employees:

The number of detections of ransomware increased by 36% from 340,000 in 2015 to 463,000 in 2016.

Bottom line:

Don’t allow your employees to work on their machines without the antivirus running, and make sure it’s set to update automatically.

Use a VPN

Set up and strongly encourage the use of a VPN.

Let your employees know how critical a VPN is to their security and safety, especially when accessing data remotely.

Enforce a policy that simply states “every employee must access the company’s network using their VPN.”

Enforce Strict Access Privileges

Your staff should only have access to information that they need to access in order to perform their job functions.

Any access beyond that point puts your agency at risk.

Financial data, other employees’ data, official information, etc. should only be accessed by particular team members and managers.

Use access control on your organization’s intranet, on commonly used software, and on any other work-related programs.

Develop a Disaster Recovery Plan

A disaster recovery plan (DRP) is a set of procedures and resources to control the fallout of an unexpected attack, accident, or disaster.

A good DRP eliminates guesswork and enhances your team’s response effectiveness during an emergency.

To develop a solid plan, make sure to:

  • Take inventory of all your hardware, software, devices, and data
  • Ensure everything is consistently being backed up
  • Ensure you have the appropriate hardware and software required to perform a backup if needed
  • Assign a project manager to oversee the creation and maintenance of your DRP
  • Test your plan regularly to ensure it can appropriately respond to unexpected threats
  • Get your whole team involved in creating and executing your DRP

Provide On-Going Cyber Security Training to Your Staff

Use our cybersecurity tips to begin engaging your employees in an ongoing effort to protect your agency from cyberattackers.

Attempt to cultivate a cybersecurity awareness culture amongst all of your employees. Make it so that good online behavior isn’t something everyone starts practicing only in October – they take cybersecurity seriously all year round.

If you want to secure your agency against serious threats, then get serious about training and educating your staff about the importance of cybersecurity.

Of course, only IT professionals need IT exam preparation tips to prepare for certification tests to upgrade their skills and knowledge.

But your employees could benefit from formal courses in order to help defend your agency from serious threats.

Now, it’s true that it’s not easy to find good IT security training materials and instructors. And it’s also not easy getting your employees to learn – what with some people preferring microlearning, while others prefer long-form learning.

But the effectiveness and cost of eLearning change all of this.

Now, you and your non-IT staff can continually educate yourselves and stay up-to-date with the latest threats and threat prevention tools and procedures.

Where can you find all this information?

Right here at Enterprise Training Solutions.

Cybersecurity Tips On-Demand

With videos, ebooks, and courses on topics ranging from phishing to malware to ransomware, we give you access to all the knowledge you need to improve your current security posture and prepare for any future threats.

Experience the proven, easy-to-use, and cost-effective benefits of online training by scheduling your free online training consultation today!


How to Become DoD 8140 Compliant and Boost Your IT Career

To get a job in information assurance you’ll need to be DoD 8140 compliant.

Are you an IT professional trying to work for the Department of Defense (DoD) or other Government agency?

Then you’ll need to be officially certified. And you’ll need to know about the recent changes in regulations.

The newest directive to be released from Washington is Department of Defense Directive 8140, also known as DoDD 8140 or DoD 8140.

Its purpose is to update and expand the established policies and responsibilities managing the DoD cyberspace workforce which were introduced in the 2005 manual on information assurance (IA), DoD 8570.

DoD 8140 is pretty much the most important document to understand if you want to get a job or keep your job in IA with the Government.

We’ll show you exactly what DoD 8140 and DoD 8570 are, what they mean, what you need to know about the changes, and how to confidently move forward and succeed in your career.

What is DoD 8140 and DoD 8570?

DoD 8570 was created in 2005 to prevent the influx of unqualified and inexperienced professionals from performing highly technical and challenging information assurance jobs within Government agencies.

It laid out the requirements for all IA professionals hoping to competently perform their respective roles.

But, since the technology used to access and interface with DoD networks has dramatically changed since 2005 – with the introduction of smartphones, cloud, and wireless – the Government needed a new framework.

DoD 8140 was designed to replace DoD 8570 and is an essential step toward the better organization and clearer delineation of job functions and tasks.

Essentially, DoD 8140 provides the newest guidelines and builds upon the established policies of DoD 8570.

What Does DoD 8140 Mean for Your IT Career?

The DoD 8570 Manual gave all personnel 4 years to become compliant with the required commercial certifications, such as CompTIA Security+, CompTIA Network+, etc.

Under the new rules of DoD 8140, all personnel are required to become compliant within 6 months of employment.

That means you better know what certifications you need and how you’re going to study for them before you even get a job.

But there won’t be a DoD 8140 manual until 2018 or later…

How Can You Become DoD 8140 (DoD 8570) Compliant?

The only way to become DoD 8140 compliant is by adhering to the updated standards of the DoD 8570 Manual.

Thankfully, this is pretty straightforward.

Here’s a summary of the workforce qualifications for DoD 8570 and DoD 8140:

[Image: DoD 8140 summary of workforce qualification requirements]

Here are the DoD approved baseline certifications:

[Image: DoD 8140 baseline certifications]

If you want to obtain any of these IA baseline certifications, you’ll have to follow a few specific steps:

  1. Contact your Information Assurance Manager (IAM) and follow your Component’s procedures to identify your position, level, and certification requirements.
  2. Obtain training for the IA certification you want to complete.
  3. Request a certification voucher from your IAM.
  4. Once you pass your certification, register it in the Defense Workforce Certification Application (DWCA).
  5. Notify your IA manager once you’ve completed your training and received your certification.

Steps 1, 3, 4, and 5 are clear-cut and rely on you going through the appropriate IASE channels.

But step 2 requires a little extra effort on your part.

You have to find high-quality training that gives you the IT exam preparation materials you need to obtain an IA baseline certification.

Without it, there’s no way to meet the 6-month certification requirement, and there’s no way to move forward in your career.

If you want proven training materials for nearly all of the IA baseline certifications and beyond, we can help.

Become DoD 8140 Compliant and Accelerate Your IT Career

From CompTIA A+ to Certified Information Systems Auditor (CISA), we have all the course materials, study guides, ebooks, and video courses you need to learn at your own pace, on your own time. We cover nearly all of the baseline IA certifications, and our staff is ready and willing to help you find the information you need to succeed today, and into the future.

Experience the proven, easy-to-use, and cost-effective benefits of online training by scheduling your free online training consultation today!


6 Proven IT Exam Preparation Tips That Will Help You Pass the Test

With the right tips, IT exam preparation can be fun and easy.

To receive a career-making IT certification, you’ll need some proven IT exam preparation strategies.

Many professionals today still treat exams like they did in college:

  • Read (or skim) the book and study materials once
  • Pull an all-nighter
  • Take the exam

You’re going to be sorely disappointed when you apply this strategy and fail.

Instead of doing what rarely works, why not try a few strategies that almost always work?

We’ve compiled 6 tips for effective IT exam preparation. If you apply them to your studies, you’ll be much more likely to pass the exam, get your certification, and move forward in your career.

6 IT Exam Preparation Tips

Create a Study Plan

There is a well-documented technique for remembering information over the long-term.

It’s called the spacing effect, and it’s critical for IT exam preparation.

If you know when you’ll be taking your exam, you can break down your course materials to determine how much you need to study each day, and when you can review that information a few more times before the exam date.

Here’s how to do it:

  • Create an outline
  • Mark relevant pages of books you’re studying
  • Mark times on videos you’re watching
  • Gather all your class materials
  • Create flash cards
  • Create a timeline
  • And forget about cramming

Stick to your study plan, and you’ll be much more likely to retain most of the information you learn, as opposed to your last-minute, late-night friends who will forget what they were studying by the morning of the exam.

Sleep Well

Speaking of late nights, it’s best to avoid all-nighters and inefficient sleep patterns altogether.

Students who regularly pull all-nighters end up with lower GPAs according to a St. Lawrence University study.

You’re better off studying regularly and sleeping well than cramming and not sleeping at all.

Use Memory Techniques

There is a wide variety of memory techniques to help in your IT exam preparation.

Mnemonic devices like acronyms are particularly powerful.

Acronyms abbreviate a set of words down to the first initial of each word.

It works like this:

  • Choose a term, concept, or rule that you’re studying
  • Create an acronym using the first letter of each word
  • Memorize the acronym or make up a silly phrase for it

For example, the order of operations in math – parentheses, exponents, multiplication, division, addition, subtraction – can be memorized using the acronym “PEMDAS,” which can be expanded into:

Please Excuse My Dear Aunt Sally.

Form a Study Group

A study group leverages the knowledge and skills of other people to improve everyone’s IT exam preparation strategies.

Here are a few ways to make a study group useful:

  • Do all of the studying together
  • Quiz each other every session
  • Take practice exams together and discuss the answers afterward
  • Set time limits for your study sessions
  • Set goals to focus on during study sessions
  • Use a quiet space that won’t be distracting, but try to study in different rooms for maximum results

Stay Physically Healthy

Multiple studies confirm that regular exercise, especially cardio, significantly improves the problem-solving and memory functions of your brain.

Eating foods that are good for your brain before and during a test is an easy way to prepare for a tough IT exam as well.

Making sure to take regular study breaks is also important. Your brain needs time to process the information you’re learning. Take a day off every once in a while and do something fun and leisurely.

Use Practice Exams

While the rest of the IT exam preparation tips we’ve given you will be helpful to some, they’re not helpful to all.

One of the few proven tools for excelling on exam day is taking a practice exam, according to a study from Henry L. Roediger.

Practice exams give you a taste of what to expect when you sit down to take your real exam.

It helps you work through your anxiety, pace yourself, time yourself, and find out how much information you can recall from your studies.

If you’re trying to pass the gold standard of IT exams, CompTIA, then it’s imperative that you take practice exams.

But where can you find good practice exams?

Sure, there are plenty of practice questions all over the internet, but there are very few practice IT exams that will actually mimic CompTIA or something similar.

If you want to train your brain to be ready for exam day, and take advantage of one of the most powerful study techniques, then we can help.

Enterprise Training Makes IT Exam Preparation Easy

If you want to take your IT career to the next level and need effective practice exams to do it, then we’ve got you covered.

We offer a wide variety of certification training and exam prep materials from industry leading vendors, including Project Management Institute, Microsoft, CompTIA, Cisco, Amazon, TOGAF, Six Sigma, ITIL, IIBA and more.

Experience the proven, easy-to-use, and cost-effective benefits of online training – explore our complete list of certification curricula today!