Security awareness is no longer optional for Florida government employees. Effective July 1, 2022, Governor Ron DeSantis approved House Bill 7055, requiring state agencies and local governments to offer employee security awareness training, report cybersecurity and ransomware incidents, and draft detailed reports of actions taken after cyber-attacks.
The new bill specifically states that all local government employees who will have access to the state’s network must successfully complete basic cybersecurity awareness training. In addition to this action, there is now a deadline requiring these new employees to finish the assigned lessons within 30 days of their start date.
The HB 7055 Mandates
HB 7055 is also calling for local governments to adopt cybersecurity standards that safeguard their data. These guidelines must be consistent with the accepted best practices for cybersecurity — and since human error continues to be the top threat, employee training must be offered and updated annually.
This critical legislation establishes the importance of cybersecurity readiness, the requirements to maintain and improve reporting standards, and the need to facilitate the integration of these new mandates for local government agencies.
Florida Spends Little on Training
The goal of increasing training is to lower the risk of growing cyber-attacks. But how much is being invested in education to prevent these prevalent attacks? According to the Cyber Florida report on local government’s cyber readiness, less than 5% of local government entities have cybersecurity as a line item in their budget.
The mandates in this legislation will create a shift. Florida’s local governments are now under pressure to boost their cyber preparedness and set aside adequate funding for these educational efforts.
How ERMProtect Can Help
Learn about ERMProtect's customizable Cybersecurity Awareness Training. Contact Silka Gonzalez at sgonzalez@ermprotect.com
