Subscriber Benefit
As a subscriber you can listen to articles at work, in the car, or while you work out. Subscribe NowChetrice Mosley-Romero takes cybersecurity seriously—but she also believes in taking an upbeat approach when it comes to educating Hoosiers on the topic.
“People can make it complicated, people can make it overly technical, honestly,” Mosley-Romero said. “But I truly, truly believe cybersecurity can be fun in nature. It can be light-hearted. I mean, we most certainly care about it because of the doom of it. But I also think that it can be personal.”
Mosley-Romero, who was appointed as the state of Indiana’s first cybersecurity director in 2017, left the position this week for a similar job on the federal level. She’s now Indiana’s cybersecurity state coordinator for the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Agency, or CISA.
Her successor at the Indiana Office of Technology has not yet been named.
In her new role, as before, she’ll be helping Indiana’s local government entities and state agencies improve their cybersecurity and stay ahead of emerging threats. With CISA, Mosley-Romero said, she’ll continue “to do the really great stuff I’ve been doing in Indiana, but with more resources, with more assistance and being able to kind of see the bigger picture.”
IBJ caught up with Mosley-Romero this week to talk about her approach to cybersecurity, and what entities can do to protect themselves.
Government entities have some unique vulnerabilities when it comes to cyberattacks, Mosley-Romero said. They may not have the latest technology or a robust cybersecurity staff, election-related leadership changes can weaken their cybersecurity posture, and they provide critical infrastructure such as 911 service, public utilities and other things criminals can target for ransom.
One of the best moves government entities can make, Mosley-Romero said, is to assess their current level of cybersecurity, see where they need to improve—and not become overwhelmed in the process.
“It’s important to know that doing a little something is better than nothing,” Mosley-Romero said. “A lot of times, when you talk with [cybersecurity experts], it’s like, ‘Oh, well, you have to do these 100 things.’ And I’m like, ‘Whoa. But you could do these 10 things and project yourself 70% of the way.’ And wow, is that way better than feeling too overwhelmed by the 100 things and not doing it at all.”
Simple things like using multifactor authentication and strong passwords, and staff training, can go a long way, Mosley-Romero said. “Between 80% to 90% of all cyber attacks happen because of a person clicking on a [malicious] link.”
In Indiana, local government entities can get free cybersecurity assessments from the Indiana Office of Technology. Purdue University’s cyberTAP program also offers education and services for both state and local governments and businesses.
“There are great resources out there where you don’t have to pay somebody to do it,” Mosely-Romero said.
In helping Hoosiers to improve their cybersecurity, Mosely-Romero believes a light-hearted and human-focused approach is most effective.
In a blog post last year for the Indiana Office of Technology’s cybersecurity blog, for instance, Mosley-Romero used National Dice Day (Dec. 4) as an occasion to share tips for staying safe while online gaming. In honor of Valentine’s Day, she shared advice on avoiding online romance scams.
“I remember things if it’s funny, if it makes me laugh or I think it’s clever. … I’ll remember that [more] than just kind of a monotone person saying, ‘Do this, this and this,’” Mosley-Romero said. “So I think we should approach cybersecurity in a more human way to the psychology of cybersecurity and not just in a more in a bureaucratic way, which I think is the wrong way.”
Please enable JavaScript to view this content.