CISO Updates
CISO Updates
Embedded Files
A Proactive Approach to Cybersecurity: Our Summer Priorities
A Proactive Approach to Cybersecurity: Our Summer Priorities
This summer, our cybersecurity strategy continues to build on three critical areas to ensure a resilient and secure environment for all state agencies. We are continuously strengthening our defenses and empowering our employees to be our best line of defense against evolving threats.
Building a Stronger Foundation
Building a Stronger Foundation
A key priority is our ongoing work to enhance foundational security measures. This includes building cyber resilience—the ability to quickly recover from any incident—and continually implementing Zero Trust principles. These strategies ensure our systems are robust, adapting to modern threats to make our collective digital infrastructure stronger and more secure. This also involves the continuous refinement of internal processes and laying the groundwork for a more robust security posture to enhance efficiency and effectiveness.
The Power of People
The Power of People
Cybersecurity is a shared responsibility, and our focus remains on our greatest asset: our people. We are committed to comprehensive training to equip all employees with the knowledge and tools to identify and mitigate risks. This ongoing education is a vital part of our strategy to foster a culture of collective strength, where every individual plays a crucial role in protecting our state’s data. Our commitment extends to welcoming new team members and ensuring they are quickly brought up to speed on our security protocols.
Collective Mindfulness Against Evolving Threats
Collective Mindfulness Against Evolving Threats
Cyberattacks are a daily reality for organizations around the world. These incidents, which often involve phishing and social engineering, reinforce the need for us all to be highly aware of digital threats. By applying simple, proactive habits—like carefully checking links and being cautious with downloads—we protect our systems and enable our Security Team to focus on strategic initiatives.
Cybersecurity is a team effort. Please remember to apply these best practices in your daily work. If you see something suspicious, report it using our established channels. Your actions make a difference.
Collaborative Information Security: Our Shared Commitment
Collaborative Information Security: Our Shared Commitment
Safeguarding information is fundamental to our public trust and effective governance. While unintended sharing can occur, these instances offer a valuable opportunity to continuously enhance our collective awareness and refine our daily information management practices.
The Human Element in Data Care
The Human Element in Data Care
It's understandable that in our busy work environments, unintentional data sharing can occur. Often, these instances aren't due to harmful intentions or complex cyber threats, but rather simple, common human errors. For example, a quick email autofill selection or an oversight when forwarding content can sometimes lead to sensitive information, like Personally Identifiable Information (PII), being shared unintentionally.
When this happens without encryption or outside of approved channels, it can unexpectedly become public, potentially creating concerns for individuals and the state. This highlights why a mindful approach to our daily communications can be incredibly beneficial.
Thoughtful Steps, Meaningful Impact
Thoughtful Steps, Meaningful Impact
Protecting sensitive information is a collaborative effort where everyone's contribution makes a big difference. Here are some thoughtful and impactful habits we can all embrace:
Double-Check Recipients: Before you send, kindly take a quick moment to confirm your message is going to the right person or group. While autocomplete is very helpful, a brief review can prevent misdirection.
Secure Sensitive Information:
Please Consider Encrypting Emails: If an email includes sensitive or confidential details, please consider using encryption. It's an easy and effective way to add a protective layer, ensuring your message is viewed only by its intended recipients.
Consult ETS for Highly Sensitive Data: For Personally Identifiable Information (PII) or other highly sensitive data, emailing, even when encrypted, might not always be the optimal way to share. Our ETS Security Team is happy to help you explore the most secure methods, such as secure file transfer (FTP) or other approved channels.
Think Before You Forward: Before you forward an email, it's helpful to pause and consider its content. Is the information suitable for the new recipient? Does it contain sensitive details that might not be appropriate for wider sharing? If you're unsure, choosing to be cautious is always a good approach.
If You Receive Misdirected Information: Should you receive an email or document that wasn't meant for you, particularly if it seems sensitive, we kindly ask that you let the sender know right away and delete the information. Please refrain from forwarding it. This thoughtful action helps us all prevent further unintentional sharing.
Why This Matters: A Foundation of Trust, Impact, and Responsibility
Why This Matters: A Foundation of Trust, Impact, and Responsibility
As your Chief Information Security Officer, I truly believe that safeguarding information is a cornerstone of our shared achievements. It’s about cultivating and sustaining trust with those we serve and within our own teams. This dedication to security gracefully aligns with our collective responsibility to act with integrity, thoughtfully manage sensitive details, and ultimately, positively influence the lives of Wyoming citizens.
In addition to our ethical considerations, we also navigate important legal responsibilities. Unintentionally sharing PII can sometimes lead to notification requirements and other legal considerations. Taking a brief moment to review and secure information can genuinely help us all avoid significant legal and reputational hurdles for our agencies and the state.
We deeply understand that human errors are a part of working life, and our focus is warmly placed on increasing awareness and supporting prevention. When incidents arise, we thoughtfully investigate to understand the situation, always prioritizing education and reinforcing our best practices. While our goal is firmly rooted in fostering a culture of learning and continuous improvement, we also gently remind that consistent attention to security protocols is a valuable professional practice for all staff.
Every piece of information we handle is a valuable trust. By being mindful and intentional in our digital communications, we thoughtfully contribute to a more robust and secure environment for all Wyoming agencies and for the public we are so privileged to serve.
Page updated
Report abuse