October Is Cybersecurity Month

Dear Colleagues,

It is hard to believe we have already crossed into the fall months of 2020. COVID-19 has riddled our lives with uncertainty and heightened our senses to how fragile life can be.  As we take time to reflect on the lessons we have learned during this pandemic, we must remain focused and resolved to continue working together, across state lines, to gain insight from our growing partnerships.

This October marks the 17th year for National Cybersecurity Awareness Month (read more here from CISA). The ever-changing cyber landscape has continued to evolve at a pace that renders many agencies defenseless to keep up. We (two Chief Information Officers in State Treasurer’s offices) are inundated on a daily basis with news stories of the latest attacks (here are some examples on ransomware attacks) and now that many of our employees are working from home, we have increased the attack surface.

While we are all working hard to serve our constituents remotely, bad actors, hackers, and criminals are busy trying to take advantage of the new risks we are all keenly aware of.  Here are a few examples we are experiencing because of home officing:

1.       Without the physical office, the communication channels are not efficient when we’re geographically separated from each other. Employees have not been able to turn around and check with their colleagues in the next cubicle. This is a constraint the hackers depend on during this COVID-19 era.

2.      Due to remote working, our IT teams do not have control of home networks. WIFI passwords, proper security updates of routers, and other networking equipment can cause issues beyond our IT’s scope.

3.      Receiving timely security updates and urgent communications through low bandwidth is another challenge. Since all aspects of life are impacted by COVID, employees are already sharing their home network with schools, personal devices, and work. Read more about COVID-19 attacks.

How do we mitigate these daunting tasks?

Friends, we get through this trying time with education and awareness. We suggest that you add information about cybersecurity in your internal newsletters with "Tips and Tricks " for securing a home network, increase your phishing awareness campaigns, and discuss cybersecurity questions and concerns on your staff  calls. All of us are experts at promoting the programs of our agencies, and promoting Cyber Security and good IT Hygiene should be no different. Learn more about how to "Do your part."

We understand we are all very busy with our responsibilities, and it is easy to get distracted working remotely, but this is the perfect breeding ground for security complacency. Despite our IT team’s multilayered security approach, individual Treasury employees are the best defense. Securing our agencies is not only an IT security problem or job function, but also relies on smart judgement and good cyber hygiene followed by all our staff.

We invite you to attend a webinar this afternoon titled: State Financial Operations and Technology/Management During and Beyond COVID-19. One of your guest writers will be a panelist speaking about rapidly changing technology and radically new options to enhance and streamline operations that have been accelerated by COVID-19. This is an opportunity to review the use of technology and operations to meet your day-to-day requirements, as well as modernize and improve services for our key stakeholders and constituents. The members-only free event starts at 2:30 pm ET/1:30 pm CT/12:30 pm MT/11:30 pm PT. To register for this event and learn more about the entire series, click here.

#BeCyberSmart

Joseph Daniels
Chief Information Officer
Illinois State Treasurer’s Office

PN Narayanan
Chief Information Officer
Pennsylvania State Treasurer’s Office