October is Cybersecurity Awareness Month
With an ongoing surge of cyber-attacks during the COVID-19 pandemic, the Wolf Administration is reminding Pennsylvanians about the need to protect their information online.
“Online criminals will try to exploit any situation to steal the personal information and defraud consumers, and this pandemic is no different,” said Secretary of Administration Michael Newsome. “As the pandemic continues, the need to be vigilant in our online activities is greater than ever.”
The FBI recently reported that the number of complaints about cyber-attacks had reached 4,000 per day, a 400 percent increase compared to before the pandemic. The international police agency INTERPOL also reports an alarming rate of cyberattacks globally. In addition to consumers, businesses and government agencies are also being targeted.
“Phishing is by far the most common tactic used by cyber criminals,” noted Erik Avakian, Chief Information Security Officer for the commonwealth. “The easiest way for bad actors to commit their crimes is by tricking people into handing over their information or opening links to malicious software.”
Phishing is when someone represents themselves as a trusted source so that a victim will provide personal information, open attachments, or click on links. Phishing frequently occurs through email, it can also occur through phone calls, websites, social media, text messages, and other forms of communication.
The Protecting Yourself Online guide, available on PA.gov, provides information to help prevent identity theft and other cybercrimes, as well as resources and advice on what to do if you become a victim. You can help to secure your personal information by:
- Installing firewalls, anti-virus, and anti-spyware programs and keeping them up to date. Many software programs and operating systems can be set to update automatically when new versions are available.
- Using strong passwords that include upper- and lower-case letters, numbers, and special characters. Do not reuse passwords or use the same password for multiple accounts. There are password management programs available that can help you keep track of all your account credentials.
- Thinking before you click. Do not open email or related attachments from untrusted sources. When in doubt, delete.
- Avoiding public Wi-Fi hot spots, such as those offered by retailers and at other locations, whenever possible. Do not transmit or receive personal information while using public Wi-Fi.
- Educating yourself about popular online scams, such as ransomware and phishing, and how to recognize them.
The Office of Administration (OA) oversees cybersecurity for state agencies under the Governor’s jurisdiction. Over the years, Pennsylvania has emerged as a leader among states in cybersecurity through innovation and best practices. The National Association of State Chief Information Officers (NASCIO) recently named one of Pennsylvania’s cybersecurity initiatives a finalist in their national awards competition. By correlating large volumes of disparate data from multiple sources to develop key security risk indicators, Pennsylvania has been able to increase the effectiveness of its security awareness training for employees and contractors and tighten procedures around the management of user accounts.
“Protecting data is at the heart of everything we do as an IT organization and a responsibility we take on with the utmost commitment,” said Deputy Secretary for Information Technology John MacMillan. “In an ever-more interconnected world, collaboration on cybersecurity is also critical, which is why we work closely with our partners in the federal government, counties, other states, and the private sector to share information on emerging threats.”
As part of the Governor’s Customer Service Transformation initiative, OA is implementing Keystone Login, which will allow users to log into online services from multiple state agencies with the same account credential, improving both security and customer service. OA also provides shared cybersecurity services to counties, cities, and school districts, including security awareness training and anti-phishing exercises for employees. The office also works closely with counties and the Department of State on election cybersecurity.
Governor Wolf has proclaimed October as ‘Cybersecurity Awareness Month’ to encourage all Pennsylvanians to take proactive steps to protect themselves online.