I love June! Summer has finally arrived, the lakes are abuzz with boaters, golf courses are full, and the Kentucky County Judge/Executive and Kentucky Magistrates & Commissioners Association hold their annual Joint Summer Conference.
This year was better than last year for several reasons. First, I did NOT play in golf the scramble like I did last year… That was good for EVERYONE!
Second, I didn’t trip on the outdoor rug going into the hotel conference center and faceplant into the glass double doors (like I did last year).
Best of all, I was honored to present one of the breakout sessions on “Cyber Security for County Governments in 2022.”
This was a win-win because I had the opportunity to talk with many judges, magistrates, and commissioners about the state of cyber security in their counties, which helped me better understand the needs and be able to protect them better.
It was a win for the attendees because I did a 5-question contest at the end of each session and gave out small bottles of “adult refreshments” for the correct answers. (My apologies for the Peach Schnapps.)
Here are some of my takeaways:
There is a wide range of IT and cybersecurity levels. I found it surprising that counties still lack meaningful IT or cybersecurity support. Others have significant support for their infrastructure. There doesn’t seem to be much rhyme or reason to what category counties fall into.
Many still don’t understand what cyber security is – In simplest terms, “Cyber Security is a journey, not a destination.” Many people are surprised to learn that you cannot just set it and forget it.
An assessment of your system is a snapshot in time. It may show the level of protection right now, but ongoing monitoring and assessments are needed to show changes and indications of compromise. A picture is worth a thousand words, but a video tells a story.
Multi-factor authentication (MFA) is NOT implemented nearly enough – I was shocked at how many people admitted that they do not use MFA to access their devices and networks. This must be part of standard practice.
No Passwords – I have no words. I mean…just…nope, no words. Yes, some people do not even require passwords for their systems. I may cry. Excuse me for just a moment.
Ok, I’m fine now.
If you didn’t get a chance to attend one of our breakout sessions, you can check out the video!
By next year, let’s everyone make some promises:
- You will make sure you use passwords
- You will start using MFA
- You will ask questions of your IT team
- You will implement some form of cyber security and keep updating it
And for my part
- I will NOT buy Peach Schnapps for one of my cyber security contest prizes.
Commonwealth Sentinel is here to help you navigate the ever-evolving and growing cyber security threats we all face. We can evaluate your existing IT security and work with your team to improve it. At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things. Contact us today or sign up for a free consultation.