RECAST | Security Best Practices
From: Alfonso, Antonio <email@example.com>
Sent: Tuesday, September 29, 2020 9:23 AM
Greetings! This is some important information from our friends at the state regarding recent news stories about the state of Washington computing resources.
I want you all to know that as we start our third quarter online, our systems are available and operating well, despite yesterday’s Microsoft outage. We continue to perform all of the same routine maintenance and updates, remaining vigilant and ready to respond to issues as quickly as possible. As always, we’ll keep you in the loop when something is impacting our services.
Wishing you a healthy and safe start to the academic year,
Tony Alfonso, MS-CIS
Associate Vice President
Computing & Communications
The Evergreen State College
From: Weaver, James (WaTech) <firstname.lastname@example.org>
Sent: Tuesday, September 29, 2020 8:49 AM
To: WaTech DL Agency CIOs <WaTechDLAgencyCIOs@watech.wa.gov>
Cc: Sheehan, Vickie (WaTech) <Vickie.Sheehan@watech.wa.gov>; WaTech DL CAMs <email@example.com>
Subject: Security Best Practices
We know agency employees have many questions about the phishing campaign they’ve been hearing about. It is important to note there is no known indication of state services being impacted at this time. The state is taking proactive measures to protect systems, which may require taking certain applications offline temporarily for necessary maintenance. Below is some general guidance for actions everyone can take to stay safe online. Feel free to share with your employees.
Information for agency employees:
The state of Washington, like many public and private organizations across the country, sees frequent phishing email campaigns. Agency IT staff continue to take a number of steps to mitigate the risk that comes with these types of activities, but it’s important to understand that cybersecurity starts with YOU.
We are providing the following guidance to all staff. We strongly encourage you to review this information carefully and contact your agency help desk with any questions you have.
While no restrictions have been placed on how we communicate internally or externally at the state level, some agencies may choose to take extra precautions, and we will need to work with those agencies accordingly.
Please continue following best practices when it comes to security, especially email.
SECURITY BEST PRACTICES
- Choose strong passwords: Passwords should be hard to guess, contain more than 12 characters, and contain a mix of symbols, numbers, and upper-and-lower-case letters. Reminder: Never re-use passwords.
- Do not leave your device unattended: Lock your screen whenever you step away from your computer and don’t leave mobile devices where someone else can access them.
- Do not install unapproved software: If you need new/special software to complete your work, please contact your agency help desk and request it.
- Follow security warnings: If a website or attachment is blocked from opening, do not attempt to bypass the security software. If you think a site or attachment has been blocked in error, please contact your agency help desk for assistance.
SAFE EMAIL HANDLING
One key indicator often seen in phishing campaigns is the sender’s email address doesn’t match the person supposedly sending the email. Example: The email shows it is from John Doe (ABC) The email address doesn’t match the name of the sender. In some cases the name may match, but the domain “@badomain” will be from a different organization.
Here are key steps everyone can take to protect themselves:
- Check the sender’s email address to see if it’s actually from a different person or organization.
- Be suspicious of any emails that urge you to take action and try to create a sense of urgency.
- Never click on links or open attachments without first making sure the request is authentic.
- If you believe the email may be illegitimate, please report it to security staff in your agency.
- Never call a phone number included in a suspicious email or reply to the sender.
Thank you for your vigilance and your diligence in helping to ensure our state remains safe and secure. We are all in this together.
Director and State CIO
1500 Jefferson Street SE | Olympia, WA 98501-1504
Office: 360-407-9150 | Cell: 360-764-3844
firstname.lastname@example.org | watech.wa.gov