Cybersecurity Plan

 

Cybersecurity Awareness

Louisiana is home to many different cultures, religions, companies, private agencies, and so much more. We may not all agree on the same recipe to boil crawfish, but what we do know is that we are all connected. Not just our good old southern hospitality but also, we love our technology and the convenience it provides to us.  Louisiana’s cyberinfrastructure has increasingly been under attack in recent years. It is critical that government agencies, private industries, and we the citizens, take precautions to reduce the likelihood of becoming victims of cyberattacks. It is also important that we all have a plan that will minimize the impact if attacked and facilitate a quick return to normal operations. Not only is your business network at risk but your personal network as well.

Tips to avoid becoming the victim of a cyberattack:

  • Stay Up to Date
  • Protect Your Systems
  • Prevent Unauthorized Access
  • Safeguard Administrative Accounts
  • Backup Your Data
  • Use Social Media Wisely

Stay Up to Date

Software updates are essential for your electronic devices to function securely. Ensure all software, applications, and operating systems are always updated and patched with the latest security patches, by doing you are a less attractive target for cyber-attackers.

Protect Your Systems

It is recommended that all systems run end-point protection software and that the software is kept up to date. End-point protection software monitors, detects, and protects computers, servers, and other networked devices from intrusion, malware, and other cyber threats.

Prevent Unauthorized Access

Multi-factor authentication (MFA) is the process of using more than one method to confirm who you are when accessing systems or applications. This could include using something you know (a strong unique password), something you have (ID card, token, pin # sent through text message), and/or something you are (biometrics such as fingerprints or facial recognition) to authenticate. MFA use should be maximized by everyone, but particularly for financial and professional services accessed through the internet.

Remote or teleworking has rapidly increased since the beginning of the COVID-19 Pandemic and is anticipated to continue to increase in the near term. This has driven and will continue to drive an equivalent increase in remote access to networks. MFA should be required for remote access to all business networks to protect systems and data.

A strong unique password is now considered 16 characters rather than 8. Your password should include a variety of uppercase letters, lowercase letters, numbers, and special characters. For example, your dog’s name plus your birth year is NOT a strong password. If you are forgetful like most, there are password managers that will secure and encrypt your passwords for each site. Please do your research first!

Safeguard Administrative Accounts

Access to accounts with elevated privileges on your network could allow cyber attackers unrestricted access to systems, applications, and data. All systems and applications should be operated using least privilege principles, whereby users only log into accounts that have privileges necessary to perform tasks that they currently need to conduct. Particularly, users should not browse the internet and check email when logged into administrative accounts.

Backup Your Data

Ransomware has become a lucrative undertaking for cyber attackers. The effects of a ransomware attack on your network can be devastating. All of your data could be lost and/or released to the public. Paying ransoms is not recommended to recover your data. Often those who choose to pay are still unable to decrypt their data, lose some or all of it, and still have their data released to the public.

System backups are a must to protect data from cyberattacks and allow recovery if your data is compromised. All files should be backed up weekly at a minimum and the backups should be stored offline and/or offsite if possible. Have a plan to implement these backups if your network is attacked. As well as have a plan to continue critical activities and services if the backups are also exploited.

Use Social Media Wisely

Minimize the amount of personal or private information that you share online. Social media has been integrated into all aspects of daily life at home, at work, and at school. Users often share an abundance of their personal and private information through social media without regard for who might have access to this data. Cyber attackers use this information in a process called social engineering to infiltrate networks and identify vulnerabilities. It is important to monitor and provide guidance on safe social media use to all users of your network including children and employees.

What's New in Louisiana

GOHSEP Homeland Security Section is monitoring the heightened tensions in Russia and Ukraine. Additional information and resources specific to this situation can be found at https://www.cisa.gov/shields-up. As always please report any suspected or confirmed cybersecurity attacks to LA-SAFE.

1/24/2022-1/28/2022- Data Privacy Week

Visit https://staysafeonline.org/data-privacy-week for more information

1/25/2022- NCSA Respecting Privacy:  Managing Data Collection in your Business

Visit https://staysafeonline.org/event/respecting-privacy-managing-data-collection-in-your-business/?utm_campaign=Data%20Privacy%20Week%202022&utm_medium=email&_hsmi=200883797&_hsenc=p2ANqtz-8zRQff-Wi36f2bcWinoRY0eLEcAlLeIJ4Mr4Ryw-LUdRwRiZx70lSEnelKrWNp7CZQfc4WGPp0LNWl2Vh7EM6K-BaFCg&utm_content=200883797&utm_source=hs_email to register

2/9/2022- CISA Region 6 5G Webinar

Visit https://www.eventbrite.com/e/region-6-5g-webinar-registration-198557560007 to register.

3/16/2022- CISA Cyber Essentials

Visit https://forms.office.com/Pages/ResponsePage.aspx?id=bOfNPG2UEkq7evydCEI1Sq2SpJpHtKJLtjjMq0n54tlUREszSVpHUTlQQk1KSVEyN0c1NlBORjJXWSQlQCN0PWcu to register

 

For more tips on cybersecurity and awareness, follow us on social media:

Facebook: Louisiana Governor’s Office of Homeland Security and Emergency Preparedness https://www.facebook.com/gohsep/

Twitter: Louisiana GOHSEP
@GOHSEP
#BeCyberSmart
#GetAGamePlan

If you are a victim of a cyberattack or cybercrime in Louisiana, contact the Louisiana Fusion Center @ 1-800-434-8007 or LaFusion.Center@la.gov