To: Board of Supervisors
From: Human Resources
Agenda Section: Consent
SUBJECT:
title
Authorize Annual Mandatory Cyber Awareness Training Requirement
end
RECOMMENDATION(S):
Recommendation
That the Board of Supervisors:
1. Authorize Human Resources, in collaboration with the County Information Technology (IT), to require all county employees to complete 1-hour of Cyber Awareness Training annually effective immediately.
Body
SOURCE OF FUNDING:
N/A
DISCUSSION:
Employee Cyber Awareness Training greatly enhances IT Security posture, standing in the way of cyber criminals. In 2017, the FBI's Internet Crime Complaint Center (IC3) received 1,783 ransomware complaints that cost victims over $2.3 million. Those complaints, however, represent only the attacks reported to IC3. The actual number of ransomware attacks and costs are much higher. In fact, there were an estimated $184 million ransomware attacks last year alone. 91% of successful data breaches started with a spear phishing attack. Ransomware damage costs are predicted to reach $20 billion by 2021.
Voluntary training only solves part of the problem. Over the past nine months, 48% of County Employees (with the exception of DHHS and DCSS) have completed voluntary cyber awareness training. A county-wide annual training mandate will ensure that all county users understand how to identify malicious e-mail and other IT Security concerns. There are significant and ever-increasing liabilities associates with cyber security and training employees is one of the most important measures that the County of Humboldt can actively participate in.
County employees are mandated to complete annual security awareness training per the following regulations:
Code of Federal Regulations Title 45 Chapter A Subchapter C Part 164 Subpart C Section 164.308 Administrative Safeguards ? (a)(5).
I. Standard: Security awareness and training. Implement a security awareness and training program for all members of its w...
Click here for full text