Get the latest Employee Updates, information on working from home, policies, and data related to COVID-19.
The mission is to connect employees to services and information through people-focused technology solutions, in a safe and secure way.
- Ensuring protection of our City employees and residents through the ongoing development of our security best practices.
- Analyzing data to develop and share actionable mitigation recommendations.
- Educating City employees on the importance and impacts of security threats.
- Creating awareness about cybersecurity best practices. #BeCyberSmart
Defending Against COVID-19 Cyber Scams
You Are the First Line of Defense
Cyber scammers are taking advantage of fears surrounding COVID-19. They’re setting up websites to sell fake products, and using phishing emails, texts, and social media posts to facilitate scams and distribute malware. These cases continue to rise as more and more employees are teleworking. As the first line of defense, we all need to practice good cybersecurity hygiene.
What You Can Do
- Avoid clicking on links in unsolicited emails and be wary of email attachments. See Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Scams for more information.
- Use trusted sources—such as legitimate, government websites—for up-to-date, fact-based information about COVID-19. You can also visit the City of Madison Coronavirus page for local COVID-19 updates.
- Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
- Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on Charity Scams for more information.
- Review CISA Insights on Risk Management for COVID-19 for more information.
- Cybersecurity & Infrastructure Security Agency (CISA)
- Federal Trade Commission – Consumer Information
- Center for Internet Security (CIS)
Identifying Email Phishing Attempts
Cybercriminals use phishing tactics to lure users into clicking on malicious links, attachments, and filling out forms to access personal and financial information. Phishers will often impersonate an existing email address to fool users into trusting the sender. It's vital to verify email senders before interacting with any links or attachments. For example, verify the sender by carefully checking the "from" email address. Any misspellings or unusual domain names are a red flag for identifying phishing attempts.
External Email Banner
An external email banner is applied to all emails that are sent from external, non-City of Madison email addresses. This red banner will help City staff identify potentially malicious emails, links and attachments. The banner displays as shown in the screenshot below.
What to Do if You See this Banner
If the red external email banner appears on an email message in your inbox, follow these steps.
- Verify the email sender. Review the sender’s email address, do you recognize it?
- Hover over links and attachments before clicking. Review the potentially malicious links and attachments by hovering with your mouse to verify the link.
- If the email seems suspicious or you are unsure, forward the email to email@example.com and our Cybersecurity Team will review the message.
National Cybersecurity Awareness Month
Held every October, National Cybersecurity Awareness Month (NCSAM) is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that everyone has the resources they need to be safer and more secure online. NCSAM 2019 emphasizes personal accountability and stresses the importance of taking proactive steps to enhance cybersecurity at home and in the workplace. #BeCyberSmart