State

North Dakota urges residents to take free cyber risk assessments

The state's cybersecurity education program now includes a free risk assessment tool that scores users on the risk level of their computing environments.

By Colin Wood

January 7, 2021

(Getty Images)

In its latest attempt to stem cyberattacks across the state, the North Dakota Information Technology Department last month started nudging visitors to its website toward a free online service that provides cybersecurity assessments.

The defend.nd.gov site, which includes advice on how to avoid phishing attacks and tips on how to stay safe online, also encourages users to follow a link to a cybersecurity assessment called S2ME, which is operated by Minnesota firm SecurityStudio. Officials told StateScoop they signed up with the company as part of an effort to “bring cybersecurity awareness to empower the citizens of North Dakota and help them be aware of the cybersecurity risks that can affect our everyday lives.”

“This one piece of a long-term, multi-faceted cybersecurity education and outreach initiative we started during pandemic response to bolster security on devices, since so many employees and students we support were moving to virtual and hybrid environments,” Kevin Ford, the department’s chief information security officer, wrote in an emailed statement.

Users of the online assessment are asked to enter basic demographic information, which SecurityStudio says is aggregated for privacy, such as age, zip code and job title. The platform prompts users to answer a series of surveys across 10 categories, like breach and incident response, household computers and authentication.

Users who respond to questions with answers indicating they are not practicing safe cybersecurity are presented with information about why their behavior is risky. Completing the full assessment presents the user with a report and a numerical score, not unlike a credit report, along with a breakdown of the user’s score for each category, an overall comparison to the average score of users in their age group and recommendations with detailed instructions and links to additional resources, which users can follow to earn points and achievement badges on their profile.

Cybersecurity, which was already the top priority of state chief information officers, was elevated even higher when the pandemic forced entire state workforces to begin working remotely last year. CIOs and their chief information security officers have emphasized over the past year many new challenges stemming from altering IT environments long designed with the expectation that most users would be located at a few known government buildings.

North Carolina Chief Risk Officer Maria Thompson told StateScoop last October that the new paradigm has forced government security professionals to reconsider their prior assumptions about cybersecurity.

This story was updated to correctly attribute the technology department’s statement to Kevin Ford.