title
Adopt and present a resolution recognizing October 2020 as National Cybersecurity Awareness Month
body
Published Notice Required? Yes ____ No _X _
Public Hearing Required? Yes ____ No _X _
DEPARTMENTAL RECOMMENDATION:
The Department of Information Technology recommends that the Board of Supervisors adopt and present a resolution recognizing October 2020 as National Cybersecurity Awareness Month.
SUMMARY:
National Cybersecurity Awareness Month is a nationwide effort held each October to raise awareness about the importance of cybersecurity. The U.S. Department of Homeland Security (DHS) leads the outreach effort, and has received support from other Federal, State, and local agencies, as well as industry partners and centers of research. For 2020, the DHS’ National Cybersecurity Awareness Month campaign is “Do Your Part. #BeCyberSmart”. This theme encourages individuals and organizations to own their role in protecting their part of cyberspace, stressing personal accountability and the importance of taking proactive steps to enhance cybersecurity. Recognizing October as National Cybersecurity Awareness Month also complements the Board’s priority of addressing election security and will facilitate outreach to present a unified message to the general public.
FINANCIAL IMPACT:
The costs associated with preparing this agenda item and informational messaging are nominal and absorbed by the department’s FY2020/21 Adopted Budget. The costs associated with preparation and purchase of the resolution materials are included in the Board’s FY2020/21 Adopted Budget.
DISCUSSION:
For 2020, the DHS’ National Cybersecurity Awareness Month campaign is “Do Your Part. #BeCyberSmart”. This theme encourages individuals and organizations to own their role in protecting their part of cyberspace, stressing personal accountability and the importance of taking proactive steps to enhance cybersecurity.
As Federal, State, and Local agencies respond to the COVID-19 situation, the number of County employees working remotely has increased dramatically. In order to support this surge, the Department of Information Technology (DoIT) deployed secure remote access capabilities to accommodate all County remote employees. An enterprise software collaboration tool was also deployed to facilitate persistent chat, voice and video meetings, file storage including collaboration of files and application integration. Additionally, DoIT ensured that all County-owned laptops used for remote access have full disk encryption to reduce the risk of data loss on compromised machines.
During the COVID-19 pandemic, organizations worldwide have reported a jump in Phishing emails and malware attacks. The jump in cyber-attacks can be attributed to the surge of employees working from home.
This year, DoIT began rolling out Azure multi-factor authentication (MFA) to all departments. MFA provides additional layer of security when accessing Microsoft Office 365 applications by requiring two-step authentication.
Secure remote access to County network and applications using Windows Virtual Desktop (WVD) was also deployed. Virtual Private Network (VPN) using RSA software tokens were replaced with the less expensive MFA solution; doing this reduced the cost of deploying VPN to remote users.
Cybersecurity awareness training to County employee will continue to be offered. This training is expected to be updated regularly and available on an annual basis for County employees to stay current on threats the County is likely to face. Formal declaration of National Cybersecurity Awareness Month by the Board of Supervisors will facilitate awareness to present a unified message to employees and the general public.
Additional information on cybersecurity awareness can be obtained online at https://www.cisa.gov/national-cyber-security-awareness-month.
ALTERNATIVES:
The Board of Supervisors could choose not to receive the presentation and not adopt the attached resolution; however, this alternative is not recommended as adoption by the Board will signal the importance of developing positive, lasting cybersecurity habits.
OTHER AGENCY INVOLVEMENT:
There is no other agency involvement.
CAO RECOMMENDATION:
APPROVE DEPARTMENTAL RECOMMENDATION