跳到主要内容

bet356官网首页

An image of a user holding a mobile phone

It is important that Commonwealth of 质量achusetts departments immediately report any cyber incidents or other suspicious activity to departmental IT staff, even if the activity or email seems innocuous. Malware and ransomware often go undetected at first, so it is always safe to have your IT and security staff double check.

Since employees of the Commonwealth of 质量achusetts are often using enterprise systems, it is also critical to notify the Executive Office of Technology and Security Services (EOTSS) and the 审计长bet356英国在线 (CTR) to ensure enterprise systems are protected. Ransomware and other viruses can quickly spread and disrupt operations and compromise data.

In the event of a breach of personally identifiable information, Commonwealth of 质量achusetts departments are legally required to notify certain agencies and affected residents.

If You Suspect a Suspicious Email or Potential Security/Fraud Incident

IT / Cyber Department Resource

Immediately report to your internal designated IT/Cyber department resource to review email or activity and implement Incident Response Plan.

EOTSS (For Executive Departments)

本指南 will outline the method for alerting the appropriate Executive Office of Technology Services and Security (EOTSS) personnel if you believe you have received a phishing email.

审计长bet356英国在线

Report the nature of the incident or suspicious activity to the 审计长bet356英国在线 at (电子邮件保护). CTR can determine risks to enterprise systems and assist with internal controls and remediation. This includes suspicious emails, phishing attempts to misdirect payments or obtain credentials, 或者其他欺诈行为.

Additional Law Enforcement and Fraud Reporting

For fraud against a department, file a cyber-fraud report with the local police department in the city or town where fraud occurs.

Federal Bureau of Investigation

The FBI encourages reporting of suspicious activity, including cyber incidents or fraud.

访问IC3.政府
MS-ISAC

The MS-ISAC Security Operations Center is available 24/7 by phone 866-787-4722 or email.

电子邮件MS-ISAC

Monetary Losses - Internal Control Reporting

Commonwealth of 质量achusetts departments are required to report unaccounted for variances, 损失, or financial shortages due to a cyber incident 或者其他欺诈行为 to the State Auditor’s Office using this form.

把表格的副本寄给 审计长bet356英国在线.

If an Incident Results in a Data Breach of Personally Identifiable Information Under M.G.L. C. 93h, Additional Reporting Is Required to the Following Entities:

总检察长bet356英国在线

If you know or have reason to know that your organization has experienced a data breach covered by the Breach Notification Law, you must notify the Attorney General’s Office.

参观弥撒.政府

Office of Consumer Affairs and Business Regulation

If you know or have reason to know that your organization has experienced a data breach covered by the Breach Notification Law, you must notify the Office of Consumer Affairs and Business Regulation.

参观弥撒.政府

Affected 质量achusetts residents

If you know or have reason to know that your organization has experienced a data breach covered by the Breach Notification Law, you must notify all affected residents with a written Consumer Notice.

参观弥撒.政府

其他资源

Requirements for Data Breaches

View more information about data breaches and what the law defines as personal information.

参观弥撒.政府

Obligations Under the Data Security 规定 and Breach Notification Law

The Data Security 规定 tell you what you must do to prevent a data breach and the Breach Notification Law tells you what you must do when a breach happens.

参观弥撒.政府

安全漏洞合规

第93H章第三节

参观立法机构.政府