Ohio AG Releases 4 Steps to Increase Cyber Security After Report Suggests Many Feel Unable To Protect Against Cyber Attacks

October is Cybersecurity Awareness Month, with the theme this year of “Secure Our World.” In the wake of alarming cyberattacks impacting healthcare, like the Change Healthcare cyberattack in February of 2024 that could have impacted the records of as many as 129 million patients, taking action to secure electronic systems and databases has become more important than ever. Additionally, a new report found that Many state chief information and security officers say they don’t have the budget, resources, staff or expertise to feel fully confident in their ability to guard their government networks against cyberattacks.

1. The Ohio Attorney General’s Office is proud to support this annual awareness effort by promoting four steps to improve security in cyberspace when using smartphones, tablets, computers and other internet-connected devices.Multifactor authentication (MFA): MFA is already available on many of your online accounts, apps and programs. It adds an extra layer of security by requiring you to verify your identity in addition to entering your password, usually by sending a code to your mobile device via an email or text message. To authenticate your identity, some MFA systems use biometrics such as facial recognition or a fingerprint. Activating MFA on as many accounts as possible can significantly reduce the risk of unauthorized access. To enable it, check the Account Settings, Privacy or a similar option on your accounts.
2. Passwords: Strong, unique passwords are essential for securing your accounts. Experts recommend using passwords of at least 16 characters – including random combinations of letters, numbers and symbols – and ensuring that you have a unique password for every account.
   To manage multiple passwords, consider using a reputable password manager, which securely stores your passwords and allows you to access them across devices. With a password manager, you need to remember only your master password.
3. Software updates: Make sure that your online devices have the latest program updates, paying special attention to anti-virus programs and internet browsers. Be on the lookout for notifications about available updates and install those updates as soon as possible. Activating automatic updates whenever offered saves you from having to remember to check for updates.
4. Phishing: Phishing scams are messages designed to appear to come from a trusted source, such as your bank or credit-card company. Phishing occurs when someone impersonates a legitimate person, business or organization to try to trick victims into revealing private data, typically by luring them to click on a malicious link that leads to a phony website. You can spot phishing attempts by recognizing signs, such as the use of language suggesting that the request is urgent and asking you for financial or other personal information. If a message appears suspicious, don’t click on any links, download any attachments or call any phone numbers included in the request. Report it to the real organization that is being impersonated or to your email provider – and delete the message. If you need to contact an organization to verify a message, contact the organization using information found on its official website or another legitimate source, such as on the back of your bank debit card or on your credit-card statement.

Further highlighting the importance of cybersecurity, a Deloitte & Touche biennial cybersecurity report was recently released, which outlined where new threats are coming from, and what vulnerabilities these teams have. To complete the report, officials in all 50 states and the District of Columbia were surveyed. The report found that governments are relying more on servers to store information, or transmit it through the Internet, and all the connected online systems create more opportunities for attack.

The emergence of AI is also creating new ways for bad actors to exploit vulnerabilities, as it makes phishing scams and audio and visual deepfakes easier. The report laid out some tactics tech departments could use to navigate these challenges, including leaning on government partners, working creatively to boost budgets, diversifying their talent pipeline, continuing the AI policy conversations and promoting the CISOs role in digital transformation of government operations.

For more information about National Cybersecurity Awareness Month, visit the National Cybersecurity Alliance website at www.staysafeonline.org. For more cybersecurity tips from the Attorney General’s Consumer Protection Section, click here.