Cybersecurity Plan

Cybersecurity Awareness

Louisiana is home to many different cultures, religions, companies, private agencies, and so much more. We may not all agree on the same recipe to boil crawfish, but what we do know is that we are all connected. We share not just our good old southern hospitality but also a love of technology and the convenience it provides. Louisiana’s cyberinfrastructure has increasingly been under attack in recent years. It is critical that government agencies, private industries, and we the citizens take precautions to reduce the likelihood of becoming victims of cyberattacks. It is also important that we all have a plan that will minimize the impact of an attack and facilitate a quick return to normal operations. Not only is your business network at risk, but your personal network is as well.

Tips to avoid becoming the victim of a cyberattack:

  • Stay Up to Date
  • Protect Your Systems
  • Prevent Unauthorized Access
  • Safeguard Administrative Accounts
  • Backup Your Data
  • Use Social Media Wisely

Stay Up to Date

Software updates are essential for your electronic devices to function securely. Ensure all software, applications, and operating systems are always kept up to date with the latest security patches. By doing so, you become a less attractive target for cyber attackers.

Protect Your Systems

It is recommended that all systems run endpoint protection software and that the software is kept up to date. Endpoint protection software monitors, detects, and protects computers, servers, and other networked devices from intrusion, malware, and other cyber threats.

Prevent Unauthorized Access

Multi-factor authentication (MFA) is the process of using more than one method to confirm who you are when accessing systems or applications. This could include using something you know (a strong unique password), something you have (ID card, token, PIN sent through text message), and/or something you are (biometrics such as fingerprints or facial recognition) to authenticate. MFA use should be maximized by everyone, but particularly for financial and professional services accessed through the internet.

Remote work, or teleworking, has rapidly increased since the beginning of the COVID-19 pandemic and is anticipated to continue to increase in the near term. This has driven and will continue to drive an equivalent increase in remote access to networks. MFA should be required for remote access to all business networks to protect systems and data.

A strong, unique password is now considered to be 16 characters long rather than 8. Your password should include a variety of uppercase letters, lowercase letters, numbers, and special characters. For example, your dog’s name plus your birth year is NOT a strong password. If you are forgetful like most people, there are password managers that will secure and encrypt your passwords for each site. Please do your research first!

Safeguard Administrative Accounts

Access to accounts with elevated privileges on your network could allow cyber attackers unrestricted access to systems, applications, and data. All systems and applications should be operated using least privilege principles, whereby users only log into accounts that have the privileges necessary to perform the tasks they currently need to conduct. In particular, users should not browse the internet or check email when logged into administrative accounts.

Backup Your Data

Ransomware has become a lucrative undertaking for cyber attackers. The effects of a ransomware attack on your network can be devastating. All of your data could be lost and/or released to the public. Paying ransoms is not recommended to recover your data. Often those who choose to pay are still unable to decrypt their data, lose some or all of it, and still have their data released to the public.

System backups are a must to protect data from cyberattacks and allow recovery if your data is compromised. All files should be backed up weekly at a minimum, and the backups should be stored offline and/or offsite if possible. Have a plan to implement these backups if your network is attacked. Also have a plan to continue critical activities and services if the backups are also exploited.

Use Social Media Wisely

Minimize the amount of personal or private information that you share online. Social media has been integrated into all aspects of daily life at home, at work, and at school. Users often share an abundance of their personal and private information through social media without regard for who might have access to this data. Cyber attackers use this information in a process called social engineering to infiltrate networks and identify vulnerabilities. It is important to monitor and provide guidance on safe social media use to all users of your network, including children and employees.

What's New in Louisiana

Cybersecurity Awareness Month will be observed in Louisiana throughout October 2022 in coordination with the National Cybersecurity Awareness Month. For more information on being cyber aware and special events throughout the month of October, check out our social media.

The theme for 2022 is “It’s easy to stay safe online.” The month will be focused on the following four key security behaviors:

  1. Enable Multi-Factor Authentication
  2. Use Strong Passwords and a Password Manager
  3. Update Your Software
  4. Recognize and Report Phishing

10/4/2022 - CISA 5th Annual National Cybersecurity Summit

See Yourself in Cyber – learn how your organization plays a part in ensuring cybersecurity for the larger ecosystem. https://www.cisa.gov/cybersummit2022

10/6/2022 - NCSA Cybersecuring America: A United Mission

Elected officials, government leaders, and industry executives come together to discuss our united mission to cybersecure America. https://staysafeonline.org/programs/events/cybersecuring-america-a-united-mission/

10/11/2022 - TEEX PER398 Cybersecurity Resiliency in Industrial Control Systems

This course is designed to enhance understanding of the critical nature of Industrial Control System environments and the associated risks, threats, and defenses within an organization, business, or government entity.

Visit http://gohsep.la.gov/RESOURCES/TRAINING-EVENTS-SCHEDULE to register.

10/12/2022-10/13/2022 - TEEX MGT465 Recovering from Cyber Attack

This course is designed to provide guidance for the implementation of an effective cybersecurity incident recovery program from a pre-incident and post-incident perspective. Visit http://gohsep.la.gov/RESOURCES/TRAINING-EVENTS-SCHEDULE to register.

10/20/2022 - CISA Operation Safenet Virtual Tabletop Exercise

To register, visit https://forms.office.com/Pages/ResponsePage.aspx?id=bOfNPG2UEkq7evydCEI1Ss_HcDxT5fhFtUn1Cs6HnNJUMkgwQkpQVDdIWVMyRkczOFJPVFVHVDJLUyQlQCN0PWcu

For more tips on cybersecurity and awareness, follow us on social media:

Facebook: Louisiana Governor’s Office of Homeland Security and Emergency Preparedness https://www.facebook.com/gohsep/

Twitter: Louisiana GOHSEP
@GOHSEP
#BeCyberSmart
#GetAGamePlan

If you are a victim of a cyberattack or cybercrime in Louisiana, contact the Louisiana Fusion Center at 1-800-434-8007 or LaFusion.Center@la.gov