May 17, 2021: Following the ransomware attack on the Colonial Pipeline, Texas Governor Greg Abbott took action and announced that he was signing a new cybersecurity law that penalizes those who don’t comply with previously enacted cybersecurity training requirements (HB3834). The pipeline attack left 100GB of data ‘locked’ and caused the shutdown of the largest pipeline in the U.S. The pipeline carries 45% of the fuel used on the U.S. East Coast and runs from Texas to the New York Bay Area. This attack, along with the increasing number of ransomware attacks overall, has led many states to pass cybersecurity training requirements in their legislative bodies in recent years, as shown in the map above.
State Laws
State agencies know most data breaches start with human error. Texas has now made it mandatory for government agencies in the state to have annual cybersecurity awareness training or be penalized for noncompliance. Other states, seen above, have mandatory laws requiring users’ cybersecurity awareness training. These states include:
- Arizona (some areas require)
- California (some areas require)
- Colorado
- Delaware
- Florida
- Louisiana
- Maryland
- Montana
- Nebraska
- Nevada
- New Hampshire
- North Carolina
- Ohio
- Oklahoma
- Pennsylvania
- Texas
- Utah
- Vermont
- Virginia
- West Virginia
If your state is on this list, it’s vital that your organization works with a company like CyberHoot to ensure that you’re compliant with your state’s cybersecurity training requirements. More importantly, you should comply because your users are desperate for guidance on how to spot and avoid phishing attacks, why password managers are so important for password hygiene, and how to protect the Personally Identifiable Information (PII) entrusted to them in their public roles and capacities.
Your organization must take action to secure your systems, users, and data. 45% of public entities have been attacked with ransomware in recent years. The stakes are simply too high now not to take proactive measures, given the ransomware attacks hitting public entities across the US.
What To Do?
It’s vital that cybersecurity awareness training become a part of your organization’s security program. Training and testing your users can only help improve your organizational security posture. As CyberHoot’s Co-Founder Craig Taylor said, “Productivity, Security, and Confidence come from Cybersecurity awareness training and testing”. Your organization can take the following actions to ensure that you’re providing top-notch services to your users when it comes to cybersecurity awareness training:
- Work with a Learning Management Solution (LMS) like CyberHoot to train AND test your users on popular up-and-coming threats (phishing, smishing, etc). It’s vital that users are tested so they can apply their knowledge to similar threats.
- Adopt Two-Factor Authentication to prevent a password breach of your business’s VPN, email services, and any other critical service that is directly Internet accessible.
- Adopt a password manager for all your staff to use personally and professionally to improve password hygiene.
- Regularly back up all your critical and sensitive data following the 3-2-1 backup method.
- Govern employees with Cybersecurity Policies and Processes that explain requirements for protecting data, computers, and networks at your company.
- Purchase Cyber insurance for those catastrophic events to help you recover before going under.