A message from Comptroller William McNamara marking Cybersecurity Awareness Month: “Pause Verify Report Every Day”
To our colleagues across the Commonwealth of Massachusetts:
Each October, we observe Cybersecurity Awareness Month, with a campaign reminding all employees to be vigilant against bad actors – those who seek to defraud the Commonwealth of public funds or to steal sensitive information. While the month of October is an opportunity to get educated and be reminded of the threats we face every day, we see it as the launching point for the Commonwealth to adopt a strong and secure, year-round, cybersecurity mentality and control structure.
Our partners in the Executive Office of Technology Services and Security work hard to provide a secure IT environment, but is the actions that we take as individuals that constitute the front line of our defense. In the Office of the Comptroller, we seek to provide each of you not just with reminders, but with training and tools you can use to be more secure.
To this end, the Office of the Comptroller will be publishing resources on our CTR Cyber Awareness Training page to help departments meet their compliance requirements under the updated Internal Control Policy and the annual Internal Control Certification. This includes training materials so that your department can re-enforce cybersecurity and internal controls awareness with employees throughout the year. We will also publish reference documents and continuously share guidance on issues that we will face in real-time. Just as cyber criminals are active around the calendar, every Commonwealth employee must be on alert 365 days a year.
We are providing these resources with an eye towards the go-live date for the Commonwealth’s new financial application, Mosaic, in January. When it replaces MMARS, we will benefit from added layers of security around the application itself. However, it only takes one slip-up to allow a cybercriminal to infiltrate the system. Our guidance aims to provide employees throughout the Commonwealth, our first layer of defense, with the mindset they need to be aware of cyber threats.
We have achieved success with our campaign to encourage employees to Pause Verify Report whenever they see something suspicious come in via email, as a way to keep the state’s systems secure. This year, we are taking it further, asking our users to Pause Verify Report Every Day.
We hope you and your departments can build Pause Verify Report and our additional guidance into the culture of your agency, as we all work together year-round to protect the Commonwealth’s finances and information.
Comptroller William McNamara