Texas HB 3834 &
Cyber Security Awareness Training
With the passage of Texas HB 3834, all local and state government employees, and even state contractors, are now required to complete a Department of Information Resources (DIR) approved Cyber-Security Awareness Training Program ~ like CAER’s PII Protect Cyber-Security Training!
Q. What constitutes a local government?
A. As defined in Chapter 2054 of Texas Government Code, local government includes a county, municipality, special district, school district, or other political subdivision of the state.
Q. Do local governments have to use a certified training program?
A. Yes, local governments must use a certified training program, unless the local government employs a ‘dedicated information resources cybersecurity officer’ and has a cybersecurity training program that satisfies the requirements.
Q. Which local government employees are required to complete annual cybersecurity awareness training?
A. Local government employees who have access to a local government computer system or databases and elected officials are required to complete annual cybersecurity awareness training.
Q. Do contractors of local governments have to complete cybersecurity awareness training?
A. No, the contractor training requirement only applies to state agencies. However, ensuring that contractors have appropriate awareness of cybersecurity best practices can be beneficial to any organization.
If you haven’t established a formal security awareness training program yet, we would like to offer our assistance in setting up your program, from annual training, procedures & policies, to regular training and monitoring.
Why is the HB 3834 Regulation Necessary?
Governments and schools have become prime targets for hackers with increasing frequency and success. In August 2019, 22 small Texas towns were affected by a coordinated ransomware attack that appears to have been pulled off by “one single threat actor,” according to the Texas Department of Information Resources (DIR). Recently, Manor ISD paid 2.3 million to hackers who got a spam email through to an unsuspecting employee. Even the ‘Shark Tank’s’ Barbara Corcoran was hit by a phishing scam…
"Barbara’s team fell victim to a sophisticated phishing attack. Her bookkeeper received a request for a wire transfer that seemed legitimate. She validated the information by emailing back and forth with the “sender” whom she believed to be Barbara’s personal assistant. Unfortunately, she didn’t realize that there was only one letter missing from the correct email and authorized a wire transfer or over $380K". ~ Robert Herjavec
Statistics have shown that over 90% of all cyber-attacks are caused by human error. Today, a strong security program is the key to staying out of the news. Which is why CAER Technologies offers annual certified cyber-security awareness training. fill in the form below for more info and pricing for your employees.
What is Ransomeware
Ransomeware. In Wikipedia; "Ransomware is a type of malware from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as Ukash or Bitcoin and other cryptocurrency are used for the ransoms, making tracing and prosecuting the perpetrators difficult."
So what does this mean to your organization? Hackers send very convincing emails attempting to get unwary
readers to click or open an attachment. The link will take the user to a fake website designed to steal login credentials, like a fake Google Gmail account or Office365, thus giving the attackers usernames and passwords. The attachment may have instructions to begin downloading unwanted software that runs on legitimate Windows services and begins shutting down services like antivirus software and mal-detectors. This software then dumps it's payload and begins encrypting particular files, such as documents, spreadsheets, pictures, email-related files and database files both on the computer and on the network.
This is why we have partnered with Entegration, Inc. to offer local governments, schools, and contractors a Department of Information Resources (DIR) approved cyber-security awareness training program. Our training is designed to help your employees be diligent when perusing emails, be able to spot a fake and avoid being a victim and exposing your organization to costly recoveries.