State of Montana Cybersecurity
CYBERSECURITY AWARENESS
Best Practices
This is a list of best practices that individuals and organizations can adopt to improve their cybersecurity hygiene. The most important thing you can do is to think critically and act cautiously.
Passwords
- Change passwords to be long & strong (the more characters the better).
- Change your password now, even if your password is not due to be changed yet.
- Don’t use the same passwords for work accounts and personal accounts.
- Don’t provide passwords to anyone, not even the security team or the service desk.
Privileges
- Use Least Privilege – log on to the workstation as a user and elevate to administrator only when needed.
- Remove excess privileges; keep only the least privilege needed to perform job functions.
Backups
- Back up critical documents – backups should not be connected or mapped to workstations.
Social Media
- Scrub employment and personal information from social media (Facebook, Twitter, Instagram, etc.): don’t list your job title and department name, and don’t list your address, phone number, pets’ names, etc. This information can be used by Anonymous and other bad actors to social engineer you and your coworkers.
Hardware
- Don’t enable macros in files unless you were expecting to receive the file from the person that sent it.
- Don’t plug unknown USB sticks/thumb drives into workstations.
- If a workstation becomes infected by ransomware, immediately disconnect it from the network, but do not shut down the workstation, then notify the security team.
- Don’t let anyone else use your State workstation, not even family members.
Software
- Don’t use unapproved software on workstations.
- Don’t store sensitive information on workstations unless absolutely necessary for job functions.
- Ensure all software on workstations is fully patched and current.
- Ensure antivirus software is functioning and receiving updates daily.
- Always use VPN (with Multi-Factor Authentication) when connecting to State resources from outside of the office, especially when using public hotspots.
- Don’t forward suspicious emails to anyone other than the security team.