As the election approaches state and national cybersecurity experts warn that cyber criminals will be increasing efforts to plant ransomware and attempt other disruptive and destructive acts targeted at state and local government. Staff should continue to be on the lookout for suspicious emails, texts, attachments and phone calls. Having strong internal controls for day-to-day operations and how to manage suspicious activity is one of the best ways to prevent disruption and damages from a cyber incident.
As part of Cybersecurity Awareness Month please take this opportunity to communicate with staff about potential threats and suspicious activity and remind them of how to reach out for assistance with questions or concerns. Testing your Incident Response Plan, Business Continuity Plan, and Disaster Recovery Plan will save time, resources and confusion if any type of incident occurs. Any investment of time in cyber awareness reduces the risks associated with incidents and is a cost-effective strategy. The Commonwealth default Enterprise Security Policies and Standards provide the current requirements and are a good way to double check compliance.
As part of internal controls departments must contact CTREmergencyNotification@mass.gov with any incidents or suspected incidents of fraud or cyber- attacks, to ensure that CTR can act to protect enterprise systems or assist with mitigation strategies and continued operations. Visit the CTR Cyber Center for additional resources and links for Cybersecurity Tips and Alerts.