Note: This message is displayed if (1) your browser is not standards-compliant or (2) you have you disabled CSS. Read our Policies for more information.
IOT Security will periodically update this page to address common security issues, new threats or other relevant security information.
PeopleSoft numbers are required for all state employees as well as state contractors of the executive branch who access the state network. The PeopleSoft number provides a means of ensuring that network access is revoked in a timely manner even if an agency oversight fails to remove the access at termination. Additionally, establishing a PeopleSoft number ensures that all workforce members receive appropriate training on the IRUA, sexual harassment, and other programs.
Personal information is one of the most valuable commodities in society today. Government and public service providers gather a wealth of information from taxpayers, car owners, benefit recipients, patients, clients, customers and voters. Businesses, too, are intent on developing ever more sophisticated ways of capturing and using data about individuals.
Keeping your personal passwords private, secure, and unbreakable is one of the most important steps you can take toward safer computing. If your passwords slip into the wrong hands, identities, finances, and other personal information could be in jeopardy. With this in mind, it is vital that those who collect and use personal data preserve the confidentiality of those who are asked to provide it.
How do you choose a good password?
Most people create easy to remember passwords that are based on personal information, however, this is not a good idea; by doing so, you are making it easier for an attacker to correctly guess your password and crack into your personal records. Consider a four-digit PIN number. Is yours a combination of the month, day, or year of your birthday? Is it the last four digits of your social security or phone number? What about your address? Consider for a moment just how easy it is to find this sort of information about another person. These numbers can easily be found in your normal, everyday phonebook. What about your email password, is it a word that can be found in the dictionary? If so, it may be susceptible to "dictionary" attacks, which attempt to guess passwords based on words found in the dictionary.
To avoid dictionary attacks, we recommend you create your own acronym and use memory techniques to help you remember how to decode it. For example, instead of using the password "hoops," use "IlTpbb," which stands for: I like To play basketball." We also recommend that you use both capital and lowercase letters when creating your password because it adds another layer of obscurity. Your best defense, though, is to use a combination of numbers, special characters, and both capital and lowercase letters. For example, the I like To play basketball password could be changed to "Il2pBb; this makes the password much more difficult to crack.
Warning: Once you have developed a strong password, do not assume that you should use it for every system or program you log into. If an attacker does successfully guess your password, he would have access to all of your accounts. We recommend that you develop unique passwords for each of your accounts.
Remember that cyber security is everyone's responsibility. Just as one leak can sink a boat, one data leak, one security breach, or one malicious worm can sink an organization. By protecting yourself and the systems entrusted to you, you are protecting your co-workers as well as your entire organization's network and data and, ultimately, the citizens who are depending on you for service.
Complex passwords will soon be required for all users on the state network. This will increase the state's security position and bring it in line with industry best practices. Complex passwords will be harder for you to remember, but they also make it tougher on hackers to crack. This information is designed to help you transition to the use of complex passwords.
The State of Indiana defines complex passwords as:
Formulating and Remembering Complex Passwords
Make every effort to memorize your password instead of writing it down. Writing it makes it easier to steal and could allow someone else to use your ID to access systems. The last thing you want is someone from the night crew using your PC to surf porn or using your email account to pull a prank on the agency director.
It will be challenging to remember your complex password in the first few days after it changes, but keep in mind that IOT is extending the password change interval from 30 days to 90 days for Active Directory, PeopleSoft and the mainframe. This will allow you to use the same password for these systems and change them at the same time.
To help our customers through the implementation of the new password requirements, IOT drafted the following password management tips:
Click here for a list of password usage and creation dos and don'ts.
If You MUST Write It Down
Only as a last resort should you write down a password. If you must write it down, never store it with your User ID, under your keyboard, on your computer screen or in your desk drawer. To ensure your password is safe, use some sort of simple coding rather than recording it exactly. For example:
Laptops are popular productivity tools for both business and personal use. The portability of laptops makes them extremely convenient. However, we must also be aware of the security risks from the loss or theft of laptops and take proper precautions. The potential loss is twofold; the loss of the laptop itself and any personal, private or sensitive information that it may contain.
While you can take steps to secure the data on your laptop by installing a firewall, updating your antivirus software, using strong passwords and encrypting your information (all state provided laptops should be encrypted), it is also very important to physically protect your laptop. Laptops can easily be stolen from the locked trunk of a car, at an airport security checkpoint, at an Internet café or even from a hotel room. Keep these tips in mind when you travel with your laptop:
If your laptop is stolen, there are a number of steps you can take:
In February 2016, IOT and partners provided an security update to all agencies and separately-elected offices. The presentations can be viewed below.