title
Receive a presentation and consider adopting a resolution recognizing October 2024 as National Cybersecurity Awareness Month
body
Published Notice Required? Yes ____ No _X _
Public Hearing Required? Yes ____ No _X _
DEPARTMENTAL RECOMMENDATION:
The Department of Information Technology (DoIT) recommends that the Board of Supervisors receive a presentation and consider adopting a resolution recognizing October 2024 as National Cybersecurity Awareness Month.
SUMMARY:
National Cybersecurity Awareness Month is a nationwide effort held each October to raise awareness about the importance of cybersecurity. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) leads the outreach effort, and has received support from other federal, State, and local agencies, as well as industry partners and centers of research.
For 2024, CISA’s National Cybersecurity Awareness Month campaign is “Secure Our World.” This year’s campaign focuses on promoting everyday cybersecurity practices to protect individuals online. The initiative provides resources and tips to ensure online safety, with an emphasis on actions everyone can take, such as using strong passwords, enabling multi-factor authentication (MFA), staying alert to phishing, and regularly updating software. Recognizing October as National Cybersecurity Awareness Month also complements the Board’s desire to ensure election security and will facilitate a unified message to the public.
FINANCIAL IMPACT:
The costs associated with preparation and purchase of the resolution materials is included in the Board’s FY2024/25 Working Budget.
DISCUSSION:
Cybersecurity is a key priority for DoIT who has implemented a multi-pronged approach for cybersecurity practices across the County.
The deployment of Microsoft Office 365 multi-factor authentication (MFA) to all departments was completed in April 2022. DoIT has also completed deploying Microsoft Defender for Endpoints, a more advanced anti-malware system. Microsoft Defender will help detect and block ransomware and malware in the network.
DoIT focuses on its ability to respond quickly to cybersecurity incidents, including tabletop exercises which enhance the overall cyber response posture and collective decision-making process of the team and stakeholders.
In an effort to combat phishing attacks, DoIT implemented a comprehensive phishing email campaign to educate and test users. There has already been a significant improvement in users’ ability to recognize and report phishing attempts, reducing the overall risk of successful phishing attacks.
DoIT increased minimum password length to strengthen password security for all user accounts. This policy makes it harder for attackers to crack passwords, enhancing overall system security.
Formal declaration of National Cybersecurity Awareness Month by the Board of Supervisors will facilitate awareness to present a unified message to employees and the general public. Additional information on cybersecurity awareness can be obtained online at:
<http://www.cisa.gov/national-cyber-security-awareness-month>
ALTERNATIVES:
The Board of Supervisors could choose not to receive the presentation and not adopt the resolution; however, this alternative is not recommended as adoption by the Board will signal the importance of developing positive, lasting cybersecurity habits.
OTHER AGENCY INVOLVEMENT:
There is no other agency involvement.
CAO RECOMMENDATION:
APPROVE DEPARTMENTAL RECOMMENDATION