Cybersecurity heightened alert reminders
The Office of the Comptroller (CTR) urges all state agencies to routinely strengthen internal controls, which include cybersecurity protections for Commonwealth assets such as data and systems. National cyber experts are encouraging entity leadership to work with IT and other staff to ensure continued cyber readiness:
Be on alert for suspicious activity and remind employees to notify IT staff immediately of interruptions, outages and suspicious emails.
Review all ports and disable all unnecessary ports and protocols.
Review third party vendors and Managed Service Providers with access to networks and data to ensure they are taking appropriate steps to mitigate risk.
Keep all systems updated, and apply patches immediately when they are available. See the Cybersecurity and Infrastructure Security Agency (CISA) alert from January 14, 2020: the Emergency Directive and Activity Alert on critical Microsoft vulnerabilities, which call on government agencies to update patches immediately.
Ensure backups of systems are current and stored offline in case they are needed for recovery.
Implement and maintain hardened configurations of systems.
Ensure that the entity’s Disaster Recovery Plan and Incident Response Plan are up to date and that staff are ready to implement them.
See the recent post at the MassCyberCenter from CISA Insights with additional helpful guidance related to increased geopolitical tensions and threats.
Subscribe to the latest CISA cyber alerts at the bottom of the page at: US Department of Homeland Security National Cyber Awareness System Alerts.
Notify CTREmergencyNotification@mass.gov to alert the Office of the Comptroller of any cyber, security or suspicious incident, in addition to any other required notifications. CTR needs to evaluate Enterprise System security. This box is monitored 24/7.
Contact CTR-Risk.Management.Team@mass.gov for questions or assistance with internal controls.