A message from Comptroller William McNamara in observance of Cybersecurity Awareness Month
Each October, the Office of the Comptroller marks Cybersecurity Awareness Month. This year, we are pleased to be working hand-in-hand with the Executive Office of Technology Services and Security (EOTSS), and so many of our statewide partners to promote this important initiative. Our shared goal is to keep public funds and information out of the hands of fraudsters.
We are encouraged to see the Commonwealth collaborating on this message, including our partners at the Executive Office of Technology Services and Security (EOTSS), the Executive Office for Public Safety and Security (EOPSS), the Massachusetts State Police, the Executive Office of Energy and Environmental Affairs (EEA), the Massachusetts State Police, MassDOT, the Massachusetts Technology Collaborative, the Mass Cyber Center, municipalities throughout the state, and private sector partners as well.
I wholeheartedly support these agencies’ work to organize the Massachusetts Public Sector Cybersecurity Summit, taking place in Needham on Wednesday, October 30. I encourage leadership and IT professionals from throughout the Commonwealth to attend and learn about the latest threats and prevention measures. Interest is high, but please consider joining the waitlist.
Cybersecurity awareness, however, is not solely the responsibility of leadership and information technology. All employees throughout the Commonwealth must be vigilant against bad actors. There are three simple steps that anyone, especially staff working in state finance, accounting, payroll, procurement, or contract roles can take to prevent most types of cyber attacks: Pause Verify Report.
Whenever you receive a request that is a little bit out of the ordinary, PAUSE and think – is this a legitimate request? VERIFY that it is by double-checking that it is coming from the actual sender. This is especially important when you receive a request to modify banking information or personal information like a Social Security Number or routing number. And finally, if you are unable to verify that it is a legitimate request, REPORT the message to your IT staff or other management.
To educate employees on the types of risks that we face, the Office of the Comptroller has published a toolkit that you can use to share cybersecurity awareness content with your employees throughout the Commonwealth. We hope this, as well as resources we will publish all month on MAComptroller.org and our social media channels, can empower every employee to be our first defense against those who might defraud the Commonwealth. Every employee can make a difference when they Pause, Verify and Report!