Illinois Requires Cybersecurity Training for State Employees
A bipartisan cybersecurity bill has reached the Illinois governor’s desk, one that is being hailed as a landmark piece of legislation for furthering electronic and data security in the state.
House Bill 2371 is an amendment to the state’s existing Data Security on State Computers Act and will provide cybersecurity training to a significant number of state employees. While some offices are exempt from the mandated training, more than 95% of the state’s 50,000 employees have already received their training.
There were a few budgetary pitfalls when the bill was introduced, and several different sectors in the state government are optimistic that the necessary cuts can be reinstated later on as the budget allows. However, the funding was allocated under this amendment to provide for the annually updated training requirements, and it opens the door for that training to be conducted online.
This amendment is a clear acknowledgment that human error is often the weakest link in any form of cyberattack or data breach event. It also demonstrates a known phenomenon about hacking and scams, namely that the methods continue to evolve faster than experts can keep up. The training established by HB 2371 “includes. but is not limited to, detecting phishing scams, preventing spyware infections and identity theft, and preventing and responding to data breaches” Illinois has also taken further groundbreaking action this year with the introduction of a consumer privacy bill that replaces the recently repealed Obama-era Federal Communications Commission broadband privacy rules. Called the Right to Know Act, this legislation requires any online entity operating within the state to inform internet users about what data it collects on them, what information it shares with third-parties, and to provide a contact source for consumers to learn what personal information has already been shared.
Opponents of the bill have cited the difficulty in requiring tech companies like Google or Microsoft to comply with the regulations. Critics have also argued that the federal government rejected these measures, and that an individual state shouldn’t take on that role. Supporters, however, have cited the public’s right to know what access has been granted to their most personal data, and who is allowed to use it. This legislation has already passed the Senate and now heads to the committee in the House.
Read next: A Closer Look at your Apps’ Permissions