Cybersecurity webinar demonstrates Florida’s new policies for digital safety

Conor Moore | Staff Writer

In today’s technology-dominant landscape, you can never be too secure on the internet. Owing to major upticks in cyber crime like hacking and fraud, a webinar hosted by the Jack D. Gordon Institute introduced initiatives to combat cybercrime in Florida.

“Last year, the Florida Legislature presented House Bill 7055,” said Program Director Mike Ascensio at the webinar, titled “Strengthening Florida’s Digital Frontiers: Building Statewide Cybersecurity Resilience”. “That house bill was approved by the legislature and signed into law. It became Section 280 2.3185, known as the Local Government Cybersecurity Act.”

“What’s interesting about this is that this bill was to require state agencies and local governments to report cybersecurity and ransomware incidents, right to provide cybersecurity training requirements, to report after action and other reports, and to prohibit certain entities from paying or otherwise complying,” they said.

A ransomware attack seizes a user’s files and threatens to publish, sell, or delete them unless a ransom is paid – effectively holding your digital footprint hostage. More than a third of organizations globally suffered ransomware attempts in 2021.

A few months ago, Florida suffered a ransomware attack that attacked state and university servers. Recently, a sheriff’s office was also targeted by a ransomware group, allegedly from Russia, which stole data related to personal information on employees.

Ascencio referred to Section 282.3185 in Florida’s law, which mandates employees’ access to sensitive information to complete advanced cybersecurity training within 30 days after starting employment and annually later.

“A lot of times you may have employees that don’t even consider themselves as having that kind of access, but just because of their level of employment and their level within the administration,” said Ascenio. “Does the mayor of the city need to have access to all of the employees’ social security numbers and date of birth and their health information? Not really. That opens a much wider scope of what’s at risk within a local municipal or state agency.”

Florida has asked that all security incidents  be reported within 48 hours; if it’s ransomware, then 12 hours, Ascenio said. 

“Now, ransomware groups don’t always want money, or bitcoin or whatever,” he said. “Sometimes, they want information or employee ledgers. You cannot comply or give them anything.”

Ascencio advised the audience to remain vigilant in this ever-changing digital landscape.

“Criminals are very sophisticated. These are not just criminals, they can be state actors, as well. It can be anywhere. But this is why we’re prepared,” said Ascencio.