Cybersecurity

Closeup of computer mouse pointing to "Security" on a screen.

The Cybersecurity team in the Office of Information Technology works to identify and neutralize digital attacks on DCH resources and data. The team also works to create better awareness among employees about cyber threats and ways to stay safe, while maintaining compliance with information security laws, policies and best practices.

Phishing Emails

To report a phishing email, please utilize the PhishAlarm button in your Outlook email.

Policies and Procedures

Review policies and procedures here.

Meet the Team

Click here to meet members of the Cybersecurity team.

Incident Response Report

Please complete the Download this pdf file. incident response report  within 24 hours of detecting a cybersecurity incident and forward to the Cybersecurity team at [email protected].

Cybersecurity Tips and Tricks FAQs

  • What is a social engineering attack?

    Social engineering is an attempt by one or more hackers to take control of your system or steal information. This can happen through various deceptive ways to gain your trust – via email, phone, social media, U.S. mail or direct contact. Examples of social engineering include phishing, spear phishing and CEO fraud.

    ExpandCollapse
  • What can I do about social engineering attacks?

    DO:

    • Stay aware and vigilant.

    DO NOT:

    • Share your account ID/password with co-workers or anyone – even with IT staff.
    • Store passwords where others can find them.
    • Connect any personal IT equipment such as flash drive, CD, DVD or external hard drive (portable media devices) to a DCH computer, laptop or state network.
    • Save sensitive/confidential data to a flash drive, CD, DVD, external hard drive or other portable device, unless it is encrypted. All DCH flash drives provided for storage of sensitive/confidential data will be issued by OIT and encrypted.
    ExpandCollapse
  • What is pharming, spoofing, phishing? 
    • Some common malicious attacks today are called spoofing, phishing and pharming. These can all create network fraud especially since they are disguised as common emails or a familiar website.
    • A phishing attack involves a lure (email) that is sent to a prospective victim and crafted to appear authentic, as if it came from a person or organization that the victim knows or could expect to hear from. 
    • A spoofing attack is when an attacker pretends to be someone else in an effort to gain a prospective victim’s confidence, gain access to their system, steal data or spread malware. 
    • A pharming attack is where a victim is unknowingly redirected to a compromised website, and they are tricked into giving up confidential information (for example: payment card data or passwords). 
    • Most lures contain links that send the victim to a web page designed to appear as a legitimate company or organization (such as a bank, social media platform or an email log-in page).
    ExpandCollapse
  • What are some ways I can catch and deter phishing attacks?
    • DO NOT CLICK ON THE LINK OR REPLY TO THE SENDER.
    • Never open email that looks suspicious or when the sender is unknown to you.
    • Always check for spelling errors in emails and URL links before you click.
    • Send an email with the phishing or spoofing email or the URL of pharming, to the IT Help Desk.
    • The Help Desk team will log the report so it is tracked and send it to the Cybersecurity Team for investigation.
    • The Cybersecurity Team will contact you directly with the findings and actions to take such as deleting the email.
    • Do not provide sensitive information. Phishing emails might ask for: usernames and passwords, including password changes, Social Security numbers, bank account numbers, PINs, etc.
    • Do not click on any unfamiliar pop-ups.
    ExpandCollapse
  • How do I make a report if I think I’ve been a victim?
    ExpandCollapse