Cybersecurity Plan
Cybersecurity Awareness
Louisiana is home to many different cultures, religions, companies, private agencies, and so much more. We may not all agree on the same recipe to boil crawfish, but what we do know is that we are all connected. We share not just our good old southern hospitality but also a love of technology and the convenience it provides us. Louisiana’s cyberinfrastructure has increasingly been under attack in recent years. It is critical that government agencies, private industries, and we the citizens take precautions to reduce the likelihood of becoming victims of cyberattacks. It is also important that we all have a plan that will minimize the impact if attacked and facilitate a quick return to normal operations. Not only is your business network at risk, but your personal network is as well.
Tips to avoid becoming the victim of a cyberattack:
- Stay Up to Date
- Protect Your Systems
- Prevent Unauthorized Access
- Safeguard Administrative Accounts
- Backup Your Data
- Use Social Media Wisely
- Louisiana Cyber Assurance Program
Stay Up to Date
Software updates are essential for your electronic devices to function securely. Ensure all software, applications, and operating systems are always updated and patched with the latest security patches to make yourself a less attractive target for cyber-attackers.
Protect Your Systems
It is recommended that all systems run Endpoint Protection Software and that the software is kept up to date. Endpoint protection software monitors, detects, and protects computers, servers, and other networked devices from intrusion, malware, and other cyber threats.
Prevent Unauthorized Access
Multi-factor authentication (MFA) is the process of using more than one method to confirm who you are when accessing systems or applications. This could include using something you know (a strong unique password), something you have (ID card, token, PIN sent through text message), and/or something you are (biometrics such as fingerprints or facial recognition) to authenticate. MFA use should be maximized by everyone, but particularly for financial and professional services accessed through the internet.
Remote or teleworking has rapidly increased since the beginning of the COVID-19 Pandemic and is anticipated to continue to increase in the near term. This has driven and will continue to drive an equivalent increase in remote access to networks. MFA should be required for remote access to all business networks to protect systems and data.
A strong, unique password is now considered to be 16 characters long rather than 8. Your password should include a variety of uppercase letters, lowercase letters, numbers, and special characters. For example, your dog’s name plus your birth year is NOT a strong password. If you are forgetful like most, there are password managers that will secure and encrypt your passwords for each site. Please do your research first!
Safeguard Administrative Accounts
Access to accounts with elevated privileges on your network could allow cyber attackers unrestricted access to systems, applications, and data. All systems and applications should be operated using least privilege principles, whereby users only log into accounts that have the privileges necessary to perform tasks that they currently need to conduct. Particularly, users should not browse the internet and check email when logged into administrative accounts.
Backup Your Data
Ransomware has become a lucrative undertaking for cyber attackers. The effects of a ransomware attack on your network can be devastating. All of your data could be lost and/or released to the public. Paying ransoms is not recommended to recover your data. Often those who choose to pay are still unable to decrypt their data, lose some or all of it, and still have their data released to the public.
System backups are a must to protect data from cyberattacks and allow recovery if your data is compromised. All files should be backed up weekly at a minimum, and the backups should be stored offline and/or offsite if possible. Have a plan to implement these backups if your network is attacked. Also have a plan to continue critical activities and services if the backups are also exploited.
Use Social Media Wisely
Minimize the amount of personal or private information that you share online. Social media has been integrated into all aspects of daily life at home, at work, and at school. Users often share an abundance of their personal and private information through social media without regard for who might have access to this data. Cyber attackers use this information in a process called social engineering to infiltrate networks and identify vulnerabilities. It is important to monitor and provide guidance on safe social media use to all users of your network, including children and employees.
Louisiana Cybersecurity Assurance Program (LCAP)
OTS, working with GOHSEP, LANG, and LSP, has designed and formalized the Louisiana Cyber Assurance Program, which will significantly enhance the state’s proactive cybersecurity posture. The program will monitor the assets previously deployed by ESF-17 to assist local government entities with threat mitigation. Building on the success of ESF-17, ESF-2 Cyber will create a digital ecosystem that collects, analyzes, and distributes cyber threat intelligence in an active, 24/7 monitored environment.
Office of Cyber Readiness
The Office of Cyber Readiness (OCR) is hosted by the Louisiana Military Department.
Services rendered by OCR are Cyber Readiness Assessments, which include:
- Vulnerability assessments
- Documenting results
- Recommending improvements/changes
- Consistently verifying and validating improved posture
Participation is purely voluntary. All results are recorded and periodically measured for increased assurance. Simply put, the goal is for OCR to assess vulnerabilities and report findings faster than the attackers.
Cyber Threat Analysis Center
Hosted by GOHSEP, the Cyber Threat Analysis Center (CTAC) conducts advanced active threat monitoring and information sharing. The CTAC helps organizations improve their security posture, operational efficiency, incident identification, and response efforts.
Security Operations Center (SOC)
A SOC is a centralized function or team responsible for improving an organization’s cybersecurity posture and preventing, detecting, and responding to threats. Using multiple data collection devices, information is digested through the Cyber Threat Analysis Center. Effectively, the CTAC captures event logs and sends data to SOAR, which automatically pushes responsive commands to defend the networks.
Cyber Threat Intelligence
Cyber Threat Intelligence (CTI) is the process of collecting, analyzing, and applying data on cyber threats, adversaries, and attack methodologies to enhance an organization's security posture. Additionally, the CTAC has established an Information Sharing and Analysis Center (ISAC) that is in place to gather and share relevant information on cyber threats to each relevant industry. This information will be shared through the use and implementation of STIX and TAXII feeds. This will facilitate standardized multidirectional sharing of critical data.
Endpoint Detection Deployment
What is Endpoint Detection and Response? - Endpoint Detection and Response (EDR) is a cybersecurity technology that continuously monitors endpoints for evidence of threats and performs automatic actions to help mitigate them. Endpoints are the physical devices connected to a network, such as mobile phones and desktops, that give malicious actors multiple points of entry for an attack. EDR solutions help security analysts detect and remediate threats on endpoints before they can spread throughout your network.
Detection Deployment—We are continuing to deploy endpoint detection and response software across Louisiana to be consistent with the shift to a proactive rather than reactive cybersecurity posture. Although 100% prevention is nearly impossible, early detection and remediation are obtainable, and these efforts are the foundation for getting there.
Incident Response
Hosted by the Governor’s Office of Homeland Security and Emergency Preparedness (GOHSEP), the Cyber & Emerging Threats Incident Response Team (IR) will perform “Cyber Incident Response,” which includes containing and eradicating the threat and assisting in the remediation and recovery of any local or state entity in a cyber emergency. In addition, the team will document results, recommend improvements, verify and validate that the cyber threat is eliminated, and reinforce the agency’s security posture against future threats.
IR is available to voluntarily assist public entities (including local and rural entities) designated by the Governor’s Office of Homeland Security and Emergency Preparedness as Critical Infrastructure and Key Resources (CIKR). IR will utilize state-of-the-art commercial software and hardware to assist in the mitigation and recovery. Upon completion, each Service Recipient will receive a closing document that articulates any mitigation efforts provided (hardware and software) to be discussed at the departure of the IR Team with agency heads.
In Case Of Emergency
If you are a victim of a cyberattack or cybercrime in Louisiana, contact the Louisiana Fusion Center at 1-800-434-8007 or LaFusion.Center@la.gov.
For More Information
For more tips on cybersecurity and awareness, follow us on social media:
Facebook: Louisiana Governor’s Office of Homeland Security and Emergency Preparedness https://www.facebook.com/gohsep/
Twitter: Louisiana GOHSEP (@GOHSEP)
#BeCyberSmart
#GetAGamePlan