A Note from Colorado’s Secretary of Technology & CIO

Dear Customer,

October in Colorado generally means the start of cooler weather, pumpkin everything and of course Halloween. It may be lesser known, but October is also National Cybersecurity Awareness month. Even though there is an increased focus on cybersecurity during October, keeping your data and online accounts safe is important to us at OIT every day of the year. With that focus in mind, we are requiring all state Gmail users to enroll in Google’s 2-Step Verification. This extra layer of security will greatly reduce successful phishing attempts on state accounts -- giving you one less thing to fear this Halloween season!


Suma Nallapati
Secretary of Technology & CIO

Cybersecurity Awareness Month
Brush Up On Your Internet Safety Skills 

Back in 2004 when the U.S. Department of Homeland Security designated October as the month for their National Cybersecurity Awareness campaign, they may not have known just how important cybersecurity would become. In 2015, nearly half a billion personal records were stolen or lost due to cybersecurity attacks. Many of the incidents could have been avoided if the individual users were more educated on cybersecurity.

Governor John Hickenlooper recognizes the importance of the issue and has proclaimed October Cybersecurity Awareness month for Colorado. Our Office of Information Security has published a set of statewide technical policies and standards to help ensure that state system and data are protected -- all technical personnel, regardless of agency, should make sure they are familiar with them. For state employees, the most important thing you can do is to complete the required cybersecurity training and apply what you’ve learned.

Only Two Weeks Left to Enroll in 2-Step
Enroll Before Nov. 15 to Avoid Being Locked Out of Google

By now you’ve probably seen the prompts to enroll your state Gmail account in 2-Step Verification. Most of you have already done so, but some still may be wondering why it is necessary. Our state workforce has fallen for phishing attacks that ultimately could have put our state data and resources at risk. You may be thinking, “That won’t happen to me,” but the reality is that phishing attacks can look pretty professional these days. Many people don’t even realize they’ve fallen for a fraudulent email asking them for their Google username and password. Now, thanks to the security provided by 2-Step Verification, even if you do, the request for the second factor authentication (code) beyond your password will stop most successful phishing in its tracks.

The enrollment period for 2-Step Verification continues through the end of day on Monday, Nov. 14:
So take the time to sign up for 2-Step today! Not sure how to get started? Check out OIT’s TechU.

What is Spear Phishing?!
VIDEO: What's the Deal with Phishing vs. Spear Phishing

Phishing is the attempt to gain sensitive information like usernames, passwords, credit card information through email by appearing to be a recognized and trustworthy source. But have you heard of spear phishing? 


Featuring Guest Blogger Merlin Namuth from Red Robin Gourmet Burgers, Inc.

There are dangers you need to be aware of when using social media. People with ill-intent (attackers) use social media sites to steal personal information, commit fraud, and infect your personal computers, tablets, and smartphones with viruses/malware. You can take steps to protect yourself and still enjoy the many benefits of social media.

Read this month’s #StateofCO IT guest blog from Merlin Namuth, Director of Standards, Risk, Compliance, and Security with Red Robin Gourmet Burgers, Inc.