ODJFS Security Statement

Job & Family Services Office of Communications

Topics

Office of Communications

Publications

Forms Central

Publication Order Form

Constituent Assistance

Acronyms

ADA Compliance

External Link Disclaimer

Welcome, and thank you for using the Ohio Department of Job and Family Services website and services. We value the relationship we have with our users and are committed to protecting your information using industry and Government best practices. This notice describes how we and protect your information and our services and how you can better protect your accounts and information used across ODJFS websites and Services.

How do we protect and secure your information?

Encryption

When you visit our website, we require the use of a secure browser with 128-bit TLS version 1.2+ encryption. Using encryption protects the information by scrambling it as it is sent from your computer or device to ODJFS and vice versa. It helps to keep your information secure and private.

System monitoring

We regularly review activity and system logs to identify potential problems. Additionally, we monitor industry and government alerts to security issues or warning. We have systems in place to automatically block and help prevent unauthorized access to your information from unknown or untrusted sources. We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.

Vulnerability Scanning

We regularly scan our websites and services for vulnerabilities. We utilize industry leading solutions to help us detect vulnerabilities and issues and use third party penetration testing services to help let us know how good of a job are we doing.

Patches

We update our systems frequently so that we are using current security technology.

Limited access

We restrict access to your personal information to ODJFS Employees or associates who need to know that information to process your request or maintain our website. Those that have access to your information are subject to strict confidentiality obligations and may be disciplined, terminated, and prosecuted if they fail to meet these obligations.

Changes

Our website security statement may change from time to time. We will post any security statement changes on this page, and, if the changes are significant, we will provide a more prominent notice.

How can you better protect and secure your information?

There are a few things you can do to keep your information safe when working with ODJFS and other online services:

Password Security

Don't reuse passwords or PINs.
- You should have separate passwords and PINs for personal and business accounts. There are many Password Manager software solutions available to help you do this easily.
Don't share your passwords
- ODJFS will never ask you for your password
- Never share your password with friends or family
Use Multi-Factor Authentication
- Whenever possible always enable Multi-Factor Authentication, 2 Factor Authentication, or Step-up authentication
Security Questions
- Make sure to use unique and hard to guess Security and Account recovery questions, especially on your financial, government, and email applications.

Use a VPN

Public Wi-Fi
- When using a Wi-Fi network that you don't own, you should use a Virtual Private Network or VPN solution. It is possible when using public Wi-Fi, that others on the same network, will be able to see any information sent to or from your laptop or device, without you knowing. This includes your usernames and passwords.

Use passcodes

Mobile Devices
- Apply a passcode lock wherever available, even if it's optional. Think of all the personal data and connections on your smartphone. Many smartphones offer a four-digit PIN by default, opt for longer PINs. Use biometric authentication (i.e. Touch ID, Face ID) when available.
Cellular Providers
- Setup up Port Freeze or Number Lock to with a password or PIN with your Cellular providers to protect against SIM Swapping attacks.

Email Security

ODJFS email correspondence
- ODJFS uses industry standard protections (DKIM, SPF, and DMARC) for email correspondence sent to you.
- It will always come from an Ohio.gov email domain (i.e., @jfs.ohio.gov) or State.oh.us domain (i.e., @odjfs.state.oh.us)
- We will never send you links in your email, instead it will say things like "You have a secure message waiting for you on ODJFS portal".
- We limit the amount of personal information sent via email, and only send the minimum necessary to inform you adequately, meeting State and Federal laws and regulations.
Use different email accounts
- Use different email accounts to sign up for spam and promotional offers, and another for your personal business interactions. This can help you right away if, for instance you receive a financial services email in your spam account, you know this isn't valid and is a likely phishing attack.

Social Media Accounts

Be careful how much information you share on social media accounts. This information (also sourced from quizzes or games, etc.) can be used by hackers and online thieves to attempt to steal your identity and gain unauthorized access to your financial and other accounts.
Make sure you enable privacy settings on your accounts and posts to prevent oversharing to those with whom you did not intend to share.

See Something, Say Something

We take securing your data seriously, if you see something wrong or questionable, please say something! Reach out to us, we try every day to improve our security controls and processes.

If you have any questions about this notice or how we secure our websites or services, please contact us by e-mail to OIS_Security@jfs.ohio.gov.