Critical infrastructure includes resources that provide functions necessary for our way of life. Threats to these resources, including cybersecurity exposures, often have debilitating security, economic, and public health and safety consequences.
The evolving cybersecurity risk landscape demands an evolved response.
Through a collaboration between the Cybersecurity and Infrastructure Security Agency (CISA), the Connecticut Military Department (CTMD) Joint Cyber Team, and industry partners like CIRMA, critical cyber resources are now available to help your public entity address evolving cybersecurity threats head-on. The CTMD Joint Cyber Team offers comprehensive Cyber Assessments to all 169 Connecticut Municipalities. The Team uses Cybersecurity and Infrastructure Security Agency (CISA) and Connecticut Interlocal Risk Management Agency (CIRMA) guidelines to assess cybersecurity and relative operational policies.
Assessments are fully funded by the Division of Emergency Management and Homeland Security (DEMHS).
Getting started is easy; Contact a CTMD Joint Cyber Team Member to schedule your Assessment. Assessments take approximately 60 to 90 minutes to complete and should include members of your Information Technology (IT) Team.
Your entity will receive a comprehensive report on organizational vulnerabilities to cyberattacks, infrastructure weaknesses, and proven recommendations for corrective action.
Cyber Assessments can help:
- Reduce the likelihood of a damaging cyber incident
- Detect malicious activity quickly
- Respond effectively to confirmed incidents
- Maximize organizational resilience
Assessments can also be used as a framework to qualify your municipality for cyber insurance and funding.
Take advantage of this critical resource today to reduce cybersecurity exposures to help strengthen the resilience of America’s infrastructure—including Connecticut cities and towns like yours.
Remember, training and education remain the most effective defense against cybercrime and knowing how to protect yourself, and your organization is easier than ever. Learn at your own pace and when and where you choose with CIRMA’s e-learning resources, 24 hours a day, seven days a week. If you haven’t taken advantage of the many benefits available through CIRMA’s e-Learning platform, contact your local CIRMA Risk Management representative today to get started. CIRMA members and their employees enjoy access to this exclusive learning platform as part of their membership.
Check out CIRMA’s Cyber Center to learn how CIRMA can help your organization prevent and manage cyber exposures.
Cyber Resources Created for CIRMA Members:
Although widely known as the first line of defense in avoiding cybercrime, passwords have long been firmly established as the weakest link in public entity cybersecurity protocol. Poorly managed passwords remain the most significant and preventable threat to your public entity’s security posture due to the unfortunate reality that people continue to use weak login passwords. To make matters worse, these same passwords are often also used across various devices, platforms, and websites. In these cases, by hacking one password, cybercriminals effectively open the doors to your entire digital ecosystem.
As much as we try to convince ourselves that our passwords are impenetrable, professional hackers use tools and tactics that can help unveil them in seconds. Weak password security can lead to data breaches, identity theft, and even computer hijacking, allowing criminals to access and exploit your entity’s personally identifiable records.
Are you still using your cat’s name, followed by an exclamation point, as your password? Do you use the same password for a variety of logins? If so, it’s time for a change. And when it comes to protecting yourself, your colleagues, and the community you serve, there’s no better time than the present.
Four easy steps to becoming a Password Pro:
- Keep it complicated. Consistently updating passwords containing more than ten characters, with a mix of letters, numbers, and symbols can help significantly reduce your risk of being hacked.
- Don’t make it personal. A study conducted by Morris and Thompson in 1978 demonstrated that it is easier to guess passwords through personal information (family members’ names, birthdays, home addresses, etc.) than to decipher them.
- Use random passphrases. A passphrase (e.g., “memo-tiger-thread-glue-button” or “Isn’t that quarterback the best in New England?”) can be easier for you to remember but more difficult to hack. The key to creating solid passphrases is randomness.
- Get password (and cyber) smart. The helpful tips above are examples of the initial steps you can take to protect yourself, your colleagues, and your community against cybercrime. CIRMA’s member-exclusive Cyber Webinar Series offers contextual scenarios and the latest information on successfully managing password security best practices. Sign in to CIRMA e-learning to access this valuable member benefit, or contact us to get started.
Most of our professional and personal business is conducted online, and maintaining strong and secure passwords is crucial to mitigating cyber-related risks and exposures. Training and education remain the most effective defense against cybercrimes and knowing how to protect yourself and your organization is easier than ever. Learn at your own pace and when and where you choose with CIRMA’s e-learning resources, 24 hours a day, seven days a week.
If you haven’t taken advantage of the many benefits available through CIRMA’s e-Learning platform, contact your local CIRMA Risk Management representative today to get started. There is no additional charge to CIRMA members or their employees for this service.
Check out CIRMA’s Cyber Center to learn how CIRMA can help your organization prevent and manage cyber exposures.
Cyber Resources Created for CIRMA Members:
Experts say the fall season is a temporal landmark or a moment that evokes a flood of positive core memories for most of us. However, despite their fondness for hot apple cider and carving jack-o-lanterns, most risk managers and information technology professionals likely associate the month of October with Cybersecurity Awareness. And we can’t blame them. October is, after all, Cyber Security Awareness month, and the unfortunate circumstances that can arise due to poor cybersecurity practices can be much more frightening than any Halloween scare.
According to IBM’s Cost of Data Breach Report, phishing is the costliest type of cyberattack in 2022, costing $4.91M. And human error is (still) consistently the leading cause of cybersecurity breaches, accounting for 95% of all data breaches. Organizations have battled human error since welcoming technology into the workplace. Whether employees ignore security software updates or fall victim to phishing emails, breaches can evolve from countless avenues due to fundamental human error.
Over 90% of data breaches and hacks result from phishing scams that appear most frequently through emails, where criminals pose as legitimate institutions to obtain personal information. Successful phishing cyberattacks are costly and can cause substantial interruptions to your operations.
If you’re unsure you’ve identified a potential email phishing scam, remember to always err on the side of caution and report it immediately. If you suspect an email phishing scam, here’s what to look for:
- Poor grammar and spelling
- Blurry and pixelized logos/graphics
- Requests that violate established rules
- Requests that are deemed urgent, lack context and are outside of normal business operations
- The “From” email address does not match the sender’s actual name or email address
- Suspicious embedded URLs (hover over the link without clicking to see the actual URL address)
- Suspicious attachments with odd, unrecognizable file names
Identifying common phishing scam tactics is the first step to mitigating cybercrime. Raising awareness about all types of phishing scams through training and education is the most effective defense.
CIRMA Risk Management offers a Cyber Webinar Series through its exclusive CIRMA member Vector Solutions platform. This robust training and education tool features cybersecurity-related online training courses and webinars proven to educate employees and reduce costly and disruptive cybercrimes, including phishing attacks.
Learning how to be cyber-smart has never been more convenient. CIRMA’s online courses and webinars allow employees to learn at their own pace, 24 hours a day, seven days a week.
If you haven’t taken advantage of the many benefits available through CIRMA’s exclusive online training and education platform, contact your local CIRMA Risk Management representative to get started today. There is no additional charge to CIRMA members for this service.
Visit CIRMA’s Cyber Center for more information on preventing and managing cyber exposures.
Cyber Resources Created for CIRMA Members:
The home office has become a coveted commodity. Unfortunately, not all homes offer dedicated office spaces. Because of this, kitchen counters, dining tables, living rooms, or bedroom spaces are doubling as home offices.
CIRMA’s latest whitepaper, Creating a Home Work Environment That Works for You, identifies best practices for employees working from home who face the dilemma of creating a workstation that allows them to be productive and incorporate proper ergonomics. In this whitepaper, we share achievable and straightforward guidance to help you maximize comfort and reduce risks while working from home.
Adopting healthy behaviors outlined in this helpful resource and knowing what to look for when choosing the right space for you can improve your overall well-being and maximize productivity while working remotely.
Creating a home workspace does not require extraordinary upgrades to your home or even purchasing fancy office equipment. Setting up a workspace with basic ergonomic strategies in mind is beneficial in many ways, including promoting productivity and focus and helping to avoid discomfort and social isolation.
Helpful Resources for CIRMA Members:
Take me to the full whitepaper
Download CIRMA’s latest Workplace Safety Works Ergonomics poster
Benjamin Franklin once said that the only certain things in life are death and taxes. Unfortunately, cyberattacks are becoming another looming certainty to which we’re accustomed. Cyberattacks against municipalities are increasingly common and more sophisticated—and bad actors are dedicated to uncovering new opportunities to exploit their victims.
Social engineering cyberattacks are becoming increasingly prevalent, costing municipalities millions annually. According to IBM’s latest Data Breach Report, social engineering attacks cost an average of $4.54 million—this figure does not include the cost of the ransom itself. To make matters worse, data breaches resulting from social engineering attacks can often lead to widespread fraud and identity theft.
Social engineering is especially dangerous because it relies heavily on the human element rather than operating system vulnerabilities. Cybercriminals exploit human errors and behaviors to manipulate individuals into divulging confidential information that is ultimately used to launch cyberattacks.
Social engineers are masters at their craft, often misrepresenting themselves as trusted individuals in your life, including a friend, family member, colleague, or long-term external business partner. They might send you conspicuous messages containing malicious links or downloads. Suppose the sender cannot prove their identity, asserts an unnecessary sense of urgency, or lacks context or relevance in their request. In that case, odds are they are committing fraud using social engineering tactics.
As with most cyber threats, social engineering schemes continue to evolve and become more sophisticated. However, through targeted education, public entities like yours can equip employees with the techniques they need to avoid the high-stakes risks of social engineering tactics, including preventing costly data breaches.
CIRMA Risk Management offers a Cyber Webinar Series through its exclusive CIRMA member Vector Solutions platform. This robust training and education tool features cybersecurity-related online training courses and webinars proven to educate employees and reduce costly and disruptive cyber exposures.
Courses and webinars are available for employees to learn at their own pace, 24 hours a day, seven days a week.
If you haven’t taken advantage of the many benefits available through CIRMA’s exclusive online training and education platform, contact your local CIRMA Risk Management representative to get started today. There is no additional charge to CIRMA members for this service. Visit CIRMA’s Cyber Center for helpful information on preventing and managing cyber exposures.
Helpful Cyber Resources for CIRMA Members:
Social and Emotional Wellness at Work; How Does Your Entity Measure Up?
The adoption of workplace social and emotional health programs skyrocketed over the past two years due to heightened visibility during the pandemic when remote and high-risk work environments caused or exacerbated employees’ psychological and behavioral health issues.
As lines continue to blur between work and home life, personal stressors such as financial strain, childcare concerns, and other obstacles can also weigh heavily on the minds of your staff and colleagues. In addition, the effects of stress and trauma can be significantly compounded if an individual does not have stable, positive relationships at work.
Providing social and emotional health programs and resources or enhancing your entity’s existing offerings can make a world of difference. In addition, employees who actively foster social and emotional health within their organizations can help nurture an inclusive and positive culture that will yield significant benefits over time. Below are a few examples to consider:
Recommendations for Improving Social and Emotional Health at Work
1) Be a model for the social and emotional culture you want to see in your organization. Some of your coworkers will prefer to remain private and keep to themselves while managing difficult situations. However, if welcomed, take an active interest in your colleagues’ lives and overall well-being. Engage in routine wellness checks and provide appropriate levels of support when needed to help build trust and provide an emotional safety net for future times of crisis.
2) Make it easy for employees to know whom to talk to or where to go to access social and emotional health resources. Time and time again, studies reveal that what employees want the most in the workplace is training and more easily accessible information about where to go or whom to ask about mental health support. Ensure that all employees understand how they can access emotional support tools and resources within your organization; resources can include an appointed delegate who is equipped to guide personnel to these resources.
3) Establish an employee assistance program. Organizations will typically utilize an employee assistance program to support workplace social and emotional health. Extending these benefits to immediate family members can increase employee effectiveness and increase utilization. In addition, form a working group to help identify needs for more tailored solutions that will best serve your entity’s needs; members of this working group can also assist in implementing these resources, serving as program stewards.
4) Establish a peer-to-peer program. Peer-to-Peer programs have proven effective in providing employees with a productive outlet to discuss social and emotional issues they might be dealing with. In addition, peers can often empathize with their colleagues’ feelings because their experiences are often similar.
Many of us spend a significant percentage of our lives at work—and if someone is struggling with social and emotional concerns, it can be challenging to put them aside and try to ignore them while on the job. However, by implementing the recommendations outlined above, you can help your colleagues and staff be the best versions of themselves— in the office, at home, and beyond.
Have questions about social and emotional health and wellness within your public entity? Contact your Risk Management professional for more information.
In Connecticut, occupational exposure to tick-borne diseases is a recognized hazard. Outdoor workers must protect themselves in the spring, summer, and fall when ticks are most active.
School and Parks & Rec departments should be hyperaware of the danger to students and children participating in summer camp or other outdoor sports activities.
Those who are at particular risk include:
– Parks and recreation employees,
– Public works employees,
– Summer camp counselors,
– Animal control officers,
– Athletic coaches and teachers, and
– Police officers and firefighters
Ticks in Connecticut can carry a variety of disease-causing agents, including bacteria, protozoa, rickettsia, and the rare but fatal Powassan Virus.
Tick-Borne Diseases Identified in Connecticut:
– Lyme disease (Borrelia burgdorferi),
– Human granulocytic anaplasmosis (Anaplasma phagocytophilum),
– Babesiosis (Babesia microti),
– Ehrlichiosis(Ehrlichia chaffeensis),
– Rocky Mountain spotted fever (Rickettsia rickettsii),
– Powassan encephalitis(POWV), and
– Hard-tick relapsing fever (Borrelia miyamotoi).
While the number of human cases of these diseases in Connecticut remains low, the infection may have serious consequences. Without preventive measures in tick-infested areas, contracting a tick-borne illness in Connecticut, particularly Lyme disease, is entirely plausible.
All public sector employees required to work in tick-infested areas should know how to protect themselves and their coworkers from tick bites and the signs and symptoms of Tick-borne Disease. For information on workplace controls and Lyme Disease symptoms, download NIOSH Fast Facts. In addition, CONN-OSHA’s Safety and Health Consultation Program is available to help Connecticut employers with this initiative.
Read more about this issue in the CONN-OSHA quarterly.
Download CIRMA’s Tail Gate topic on Ticks and Lyme Disease.
Access CIRMA’s online portal for more important employee training and education tools and resources on relevant seasonal topics.
Sprains and Strains; A Preventable Workplace Exposure
Sprain and strain injuries are the most common and costly workplace injuries. Employees can injure their knee, shoulder, wrist, or back while performing everyday work-related tasks.
So what are Sprains?
A sprain is an injury to a ligament (tissue that connects two or more bones at a joint). In a sprain, one or more ligaments are stretched or torn.
What are Strains?
A strain is an injury to a muscle or a tendon (tissue that connects muscle to bone). In a strain, a muscle or tendon is stretched or torn.
The Causes of Sprains and Strains
Sprains and strains can happen suddenly or develop over time. Employees exposed to causative risk factors are more likely to develop a sprain or strain injury.
CIRMA members have reported approximately 11,500 claims over the past five years. While sprain and strain injuries can be frequent and significant to your public entity, the personal costs to the injured employees can be higher. Many are often left in chronic pain or permanently disabled.
The good news is that there are many easy-to-implement and practical steps that municipal and school leaders can take to protect employees. CIRMA members have reduced the number of sprain and strain injuries to employees by 16% over the past five years through resources that educate on avoiding these types of injuries.
Education is key to mitigating risk—download CIRMA’s new workplace safety posters to help raise awareness about injury prevention.
Access CIRMA’s online portal for more important employee training and education tools and resources on relevant seasonal topics.
Bee Careful; Preventing Bee and Wasp Stings
Bee and wasp stings are a common summer nuisance that can turn deadly if the victim develops a severe allergic reaction (anaphylaxis). Public Health experts estimate that up to 3% of adults will have a severe systematic reaction to a wasp or bee sting. Anyone who works or recreates outdoors is at risk of being stung.
Helpful Tips to Avoid Being Stung
- Yellowjackets and wasps become aggressive when searching for food–keep garbage cans covered with tight-fitting lids and away from picnic and camping activity areas.
- Keep food covered
- Serve sweetened drinks in covered containers
- Check food and beverage before eating. Clear away food items after a meal immediately
- Eliminate water sources such as birdbaths and dripping faucets, which attract bees and wasps
- Wear proper foot protection. Require campers and students to wear shoes at all times.
- Remain calm and still when a wasp is in close proximity or lands on you
- Avoid wearing hairsprays, perfumes, colognes, suntan lotion, or brightly colored clothes outdoors
- Mow carefully–be observant ahead of the mower if there is a wasp nest on the lawn
Bee or wasp sting symptoms that warrant immediate medical attention include:
- Coughing or wheezing
- Problems breathing or swallowing, or having tightness in your throat
- Changes to your skin, such as breaking out into hives
- Feeling lightheaded or dizzy, or fainting
- Vomiting or diarrhea
Access CIRMA’s online portal for more important employee training and education on relevant seasonal topics.