The following message is being sent to all Microsoft Office 365 users on behalf of NYS Office of Information Technology Services (ITS) Chief Information Officer Angelo ‘Tony’ Riddick.
As a result of the recent invasion of Ukraine and the corresponding economic sanctions imposed on Russia, cybersecurity experts now warn that Russia may retaliate by launching a series of cyber attacks around the globe, including on state and local governments within the United States. Financial institutions are already bracing for this possibility, and as state employees we should also be on heightened alert.
Since our strongest cybersecurity posture requires every state employee to be engaged and doing their part, WE ARE ASKING FOR YOUR HELP TODAY.
WHAT YOU SHOULD KNOW ABOUT THE CURRENT THREAT LANDSCAPE
- While the endpoint detection measures and 24-7 monitoring of the state’s technology infrastructure by the office of Information Technology Services (ITS) prevents the vast majority of attempted cyber attacks, there are more threats today than ever before.
- Recently, the state has seen an uptick in traffic attempting to connect to our network with IP addresses that originate in Russia. ITS has blocked these attempts, but if you notice any suspicious activity please alert them immediately.
- More than 90 percent of successful cyber attacks start with a phishing email that presents a link or webpage designed to look real but is a trick to get you to reveal sensitive information. Be vigilant and think before you click. If you receive a link you don’t recognize or something feels wrong, trust your instincts.
HOW YOU CAN PROTECT YOURSELF AND THE STATE’S NETWORK
- Do NOT click on any links from an unknown sender or unexpected email. Instead, hover over any links in an email before opening to ensure that the URL matches that of a legitimate site. Pay close attention to the warning banner at the top of the email message to determine if the email came from an external source. Emails from NYS agencies within our O365 environment will not include this banner. If you believe you have received a phishing email, delete it or report it using the “Report Message” feature in Outlook (located on the far right hand side of the toolbar at the top of an opened email).
- Be suspicious of ALL unsolicited phone calls, texts or email messages. Some recent examples include texts and emails asking recipients to update their personal information for expiring government documents or licenses, or even to apply to fraudulent NYS job postings. Be wary.
- Do NOT provide any personal information, such as your social security number, PIN or passcode. In addition, consider limiting the amount of personal information you post on social networking sites. This information can be used at any time by scammers to get you to let your guard down.
- Create a strong password that is difficult to guess and do not write it down or share it with anyone. Change it in accordance with your agency’s policies, as many agencies have now moved to a 14 character password changed once a year. Length is now identified as the number one characteristic of a strong password. Include letters, numbers and special characters to make it more complex.
- Update your software frequently. Better yet, turn on automatic updates for all devices, applications and operating systems. Bad actors will exploit security flaws in older versions to take over your devices.
HOW ITS CAN HELP YOU
- If you have been victimized by a phishing attempt or other cyber scam, contact the NYS Cyber Command Center immediately at email@example.com or 518-242-5045.
- If you have a question, contact the ITS Chief Information Security Office at firstname.lastname@example.org or 518-242-5200.
- Consult the ITS cybersecurity resources available to all state employees and the general public, which includes information on how to create strong passwords, phishing awareness and protecting yourself against ransomware attacks, at: https://its.ny.gov/resources
As always, thank you for doing your part to protect your agency, its data and the state’s network. Good cyber hygiene has never been more important than it is today. Together, I know we can make a difference.
ITS Communications Office
NYS Office of Information Technology Services
Swan Street Building, Albany, NY 12223