I love June! Summer has finally arrived, the lakes are abuzz with boaters, golf courses are full, and the Kentucky County Judge/Executive and Kentucky Magistrates & Commissioners Association hold their annual Joint Summer Conference.
This year was better than last year for several reasons. First, I did NOT play in the golf scramble like I did last year… That was good for EVERYONE!
Second, I didn’t trip on the outdoor rug going into the hotel conference center and faceplant into the glass double doors (like I did last year).
Best of all, I was honored to present one of the breakout sessions on “Cyber Security for County Governments in 2022.”
This was a win-win because I had the opportunity to talk with many judges, magistrates, and commissioners about the state of cyber security in their counties, which helped me better understand their needs and how to better protect them.
For the attendees, it was a win because I did a 5-question contest at the end of each session and gave out small bottles of “adult refreshments” for the correct answers. (My apologies for the Peach Schnapps.)
Here are some of my takeaways:
There is a WIDE range in the IT and Cyber Security levels – I found it surprising there are still counties without any meaningful IT or cyber security support. Others have significant support for their infrastructure. There doesn’t seem to be much rhyme or reason to what category counties fall into.
Many still don’t understand what cyber security is – In simplest terms, “Cyber Security is a journey, not a destination.” I think many people are surprised to learn that you cannot just set it and forget it.
An assessment of your system is a snapshot in time. It may show the level of protection right now, but ongoing monitoring and assessments are needed to show changes and indications of compromise. A picture is worth a thousand words, but a video tells a story.
Multi-Factor Authentication (MFA) is NOT implemented nearly enough – I was shocked at how many people admitted that they do not use MFA to access their devices and networks. This must be part of standard practice.
No Passwords – I have no words. I mean…just…nope, no words. Yes, some people do not even require passwords for their systems. I may cry. Excuse me for just a moment.
Ok, I’m fine now.
If you didn’t get a chance to attend one of our breakout sessions, you can check out the video!
By next year, let’s everyone make some promises:
You will make sure you use passwords
You will start using MFA
You will ask questions of your IT team
You will implement some form of cyber security and keep updating it
And for my part
I will NOT buy Peach Schnapps for one of my cyber security contest prizes.
CYBER NEWS
Monkeypox gives scammers something new to con with
The scammer arsenal of tricks and cons has received a bit of an update recently, as it’s not just covid scams set to land in your emails.
www.pickr.com.au
Microsoft: Exchange servers hacked to deploy BlackCat ransomware
Microsoft says BlackCat ransomware affiliates are now attacking Microsoft Exchange servers using exploits targeting unpatched vulnerabilities.
www.bleepingcomputer.com
State and Local Governments Eye Collective Cybersecurity Measures
A number are bringing efforts under one umbrella to ensure public sector resources remain safe.
statetechmagazine.com
TIP OF THE WEEK
How to Avoid Facebook Scams
Recently it was discovered that a fake Facebook login portal was set up to imitate Facebook’s actual landing page. The user would enter their actual Facebook login credentials thinking they were logging into their Facebook account, but they were providing their credentials to a cyber-criminal.
Once a user’s credentials have been stolen, the criminal can monetize them in various ways. They will often set up a fake profile that appears to be you and then connect with your friends. The built-in trust between you and your friends results in lowered defenses and increased susceptibility to scams.
To avoid becoming a victim:
Do NOT click on a link to be taken to a landing page that you would usually go to in another way (even if, or especially if, it appears to come from someone you know).
If you receive a connection request from a friend that seems unusual, call or text that friend to ensure they sent it.
Use MFA for all logins.
If asked to verify your identity, double-check the URL to ensure it is legitimate.
VOCABULARY WORD
Landing Page: A web page that prompts the user to take a specific action (e.g., enter credentials, payment information, etc.)