#CyberAware: Creating a strong password

Passwords are an everyday part of life, whether you’re logging into your work, bank or social media accounts. You should do everything you can to protect your passwords and use different passwords for different accounts, as described in an earlier tip regarding “password reuse.” More importantly, knowing what makes a password weak or strong can reduce the chance that a hacker or unauthorized user can guess or crack your password. At the State Auditor’s Office, our IT department requires a minimum of ten characters that includes at least one upper and lower case letter, a number, and a special character. It also prohibits reuse of previous passwords.

Survey shows states are concerned about cyber security, and making progress

The National Association of State Chief Information Officers (NASCIO) conducts an annual survey of state Chief Information Officers to learn about the top policy and technology issues state governments face. State Chief Information Officers (CIOs) have ranked cyber security as the top priority on every survey since 2014. At the State Auditor’s Office, we are also concerned about cyber security. To help state agencies and local governments protect their IT systems and data, we conduct IT security performance audits designed to assess opportunities for improvement. We plan to continue these audits to strengthen the security posture of our state and local governments.

In 2016, the Deloitte-NASCIO cyber security study was completed. This study surveyed states’ Chief Information Security Officers (CISOs) for their perspectives and insights on cyber security issues. Interestingly, some of what the state CISOs reported in the survey aligned with what state agencies reported to our Office during our IT security performance audits. Specifically, they named adequate resources, including funding and staffing for IT security, as a significant challenge. However, the study’s results indicate CISOs and CIOs are having a strong, positive impact on cyber security, which is encouraging.

“Vishing” can pose a threat

What is “Vishing”?

“Vishing” uses techniques that are essentially similar to phishing, the act of acquiring sensitive information via electronic communication while posing as a trusted entity. A vishing attack takes place over the telephone, using call spoofing, and tricks a user into disclosing personal information such as credit card numbers or a three-digit security code.

Recent vishing attacks use an automated robo-caller that states the victim’s security software was breached and asks them to call a number. Calling the number connects the victim to a human who will attempt to access the victim’s workstation via Citrix remote access. Once they have access to your computer, they can do the following: