CISO Updates

Weathering Spring Storms and Securing Our Digital Heritage

In Wyoming, we know that as the seasons change, the landscape shifts—and so do the threats. Just as we prepare our homes and ranches for unpredictable spring weather, we must prepare our state's digital infrastructure for seasonal cyber risks. March brings a specific set of challenges, culminating in World Backup Day on March 31st.

The Seasonal Shift: Spring Cyber Threats

Tax season, the close of the first quarter, and annual state audits create a predictable spike in seasonal cyber patterns. Attackers know state agencies are processing high volumes of sensitive financial and personal data right now. They use this timing to their advantage, building "bespoke" traps disguised as urgent W-2 requests, overdue Q1 vendor invoices, or seasonal HR updates.

Remember our "Open Range" Awareness: don't just look for typos; look for intent. If an email asks for an urgent data export, a password verification, or a quick wire transfer, treat it like an unbranded cow on your land. Verify "Out-of-Band" by calling the sender directly at a known, trusted number.

World Backup Day (March 31): The Importance of Storage Hygiene

Wyomingites value our independence and the right to conduct our business securely. Part of that commitment means ensuring our data is resilient. A cyberattack (like ransomware), a sudden hardware failure, or a simple spilled cup of coffee can wipe out critical state records in seconds if they aren't properly secured.

World Backup Day is our annual reminder to practice rigorous storage hygiene. Good backups are our ultimate fail-safe.

Store it Right: Ensure all official documents are saved to approved state network drives or official cloud environments. Never store sole copies of official state data on local desktop hard drives, flash drives, or unapproved personal devices. If a local laptop is compromised or lost, that data is gone forever.
Clean the Clutter: Good hygiene means reducing our "Blast Radius." Archive or securely delete outdated, redundant files that unnecessarily expand our risk surface. If attackers breach a system, they can't steal or encrypt what isn't there.
Verify the Vault: Trust, but verify. Take a moment this week to ensure your critical department folders are successfully backing up and that you are following state data retention policies.

The Steward's Duty

Every record you handle represents a person who trusts the State of Wyoming to keep their data safe, private, and avaliable when they need it. Maintaining clean backups and staying alert to seasonal phishing isn't just an IT checklist—it's an act of community service.

If you spot a suspicious seasonal email, use the Phis Alert Button to sound the alarm for every agency in the state.

Keep your storage clean, your backups secure, and your eyes open.

Resources

A Proactive Approach to Cybersecurity: Our Summer Priorities

This summer, our cybersecurity strategy continues to build on three critical areas to ensure a resilient and secure environment for all state agencies. We are continuously strengthening our defenses and empowering our employees to be our best line of defense against evolving threats.

Building a Stronger Foundation

A key priority is our ongoing work to enhance foundational security measures. This includes building cyber resilience—the ability to quickly recover from any incident—and continually implementing Zero Trust principles. These strategies ensure our systems are robust, adapting to modern threats to make our collective digital infrastructure stronger and more secure. This also involves the continuous refinement of internal processes and laying the groundwork for a more robust security posture to enhance efficiency and effectiveness.

The Power of People

Cybersecurity is a shared responsibility, and our focus remains on our greatest asset: our people. We are committed to comprehensive training to equip all employees with the knowledge and tools to identify and mitigate risks. This ongoing education is a vital part of our strategy to foster a culture of collective strength, where every individual plays a crucial role in protecting our state’s data. Our commitment extends to welcoming new team members and ensuring they are quickly brought up to speed on our security protocols.

Collective Mindfulness Against Evolving Threats

Cyberattacks are a daily reality for organizations around the world. These incidents, which often involve phishing and social engineering, reinforce the need for us all to be highly aware of digital threats. By applying simple, proactive habits—like carefully checking links and being cautious with downloads—we protect our systems and enable our Security Team to focus on strategic initiatives.

Cybersecurity is a team effort. Please remember to apply these best practices in your daily work. If you see something suspicious, report it using our established channels. Your actions make a difference.

Collaborative Information Security: Our Shared Commitment

Safeguarding information is fundamental to our public trust and effective governance. While unintended sharing can occur, these instances offer a valuable opportunity to continuously enhance our collective awareness and refine our daily information management practices.

The Human Element in Data Care

It's understandable that in our busy work environments, unintentional data sharing can occur. Often, these instances aren't due to harmful intentions or complex cyber threats, but rather simple, common human errors. For example, a quick email autofill selection or an oversight when forwarding content can sometimes lead to sensitive information, like Personally Identifiable Information (PII), being shared unintentionally.

When this happens without encryption or outside of approved channels, it can unexpectedly become public, potentially creating concerns for individuals and the state. This highlights why a mindful approach to our daily communications can be incredibly beneficial.

Thoughtful Steps, Meaningful Impact

Protecting sensitive information is a collaborative effort where everyone's contribution makes a big difference. Here are some thoughtful and impactful habits we can all embrace:

Double-Check Recipients: Before you send, kindly take a quick moment to confirm your message is going to the right person or group. While autocomplete is very helpful, a brief review can prevent misdirection.
Secure Sensitive Information:
- Please Consider Encrypting Emails: If an email includes sensitive or confidential details, please consider using encryption. It's an easy and effective way to add a protective layer, ensuring your message is viewed only by its intended recipients.
- Consult ETS for Highly Sensitive Data: For Personally Identifiable Information (PII) or other highly sensitive data, emailing, even when encrypted, might not always be the optimal way to share. Our ETS Security Team is happy to help you explore the most secure methods, such as secure file transfer (FTP) or other approved channels.

Think Before You Forward: Before you forward an email, it's helpful to pause and consider its content. Is the information suitable for the new recipient? Does it contain sensitive details that might not be appropriate for wider sharing? If you're unsure, choosing to be cautious is always a good approach.
If You Receive Misdirected Information: Should you receive an email or document that wasn't meant for you, particularly if it seems sensitive, we kindly ask that you let the sender know right away and delete the information. Please refrain from forwarding it. This thoughtful action helps us all prevent further unintentional sharing.

Why This Matters: A Foundation of Trust, Impact, and Responsibility

As your Chief Information Security Officer, I truly believe that safeguarding information is a cornerstone of our shared achievements. It’s about cultivating and sustaining trust with those we serve and within our own teams. This dedication to security gracefully aligns with our collective responsibility to act with integrity, thoughtfully manage sensitive details, and ultimately, positively influence the lives of Wyoming citizens.

In addition to our ethical considerations, we also navigate important legal responsibilities. Unintentionally sharing PII can sometimes lead to notification requirements and other legal considerations. Taking a brief moment to review and secure information can genuinely help us all avoid significant legal and reputational hurdles for our agencies and the state.

We deeply understand that human errors are a part of working life, and our focus is warmly placed on increasing awareness and supporting prevention. When incidents arise, we thoughtfully investigate to understand the situation, always prioritizing education and reinforcing our best practices. While our goal is firmly rooted in fostering a culture of learning and continuous improvement, we also gently remind that consistent attention to security protocols is a valuable professional practice for all staff.

Every piece of information we handle is a valuable trust. By being mindful and intentional in our digital communications, we thoughtfully contribute to a more robust and secure environment for all Wyoming agencies and for the public we are so privileged to serve.

Page updated

Report abuse