Your Government agency is in danger.
Sam Kim, the Chief Information Officer of Clark County, told Government Technology that “Local Governments are attractive targets [for cybercriminals]…regardless of how big or small you are, you need to be vigilant.”
These remarks underscore the necessity of actionable cybersecurity tips, advice, and knowledge that so many agencies lack.
But it’s not you – IT professionals – that are lacking in this knowledge.
It’s everyone else.
The end user is the most dangerous IT security liability in your agency.
The IBM Security Services 2014 Cyber Security Intelligence Index report found an incredible and disturbing trend:
Of nearly 1,000 clients in 133 countries, over 95% of all cybersecurity incidents involved “human error” as a contributing factor.
According to the report, “The most commonly recorded form of human errors include system misconfiguration, poor patch management, use of default usernames and passwords or easy-to-guess passwords, lost laptops or mobile devices, and disclosure of regulated information via use of an incorrect email address.”
With Cybersecurity Awareness Month beginning in 2 days, it’s the perfect time to help your co-workers brush up on their IT security knowledge.
8 Cybersecurity Tips for Protecting Your Agency
Here are 8 cybersecurity tips that you can use to help the end users in your agency recommit to cybersecurity best practices.
We’ve also included a few ideas on how you can educate your employees on these tips to help you create a basic program for educating, training, and encouraging everyone in your agency to play a proactive role in protecting your organization from cyberattackers.
Create Strong Passwords
This is an essential cybersecurity tip for people who don’t quite understand the nuances of IT security and the risks of an easy-to-hack password.
Let them know that one of the most powerful security organizations in the world, the Department of Homeland Security, specifically suggests these tips:
- Never use your name, or the names of your kids or pets, or any other easily findable information about yourself
- Don’t use common passwords
- Break up your passwords with marks and symbols like @, !, #, 1, 9, etc.
- Always use a combination of lowercase and uppercase letters
You should also consider implementing a “password change policy” that mandates a routine password change every 45-90 days, with an explicit rule against using the same password over and over again but with a different number or character at the end (we’re sure you’re well aware of THAT guy).
Lock up All Your Devices Whenever You Leave Them
When your employees leave to take a lunch break, go to the bathroom, or go home at the end of the day, you need to make sure they always remember to lock their computer, tablet, phone, or other device that stores sensitive information.
The few minutes it takes for them to grab a snack or smoke a cigarette is just enough time a malicious insider needs to steal valuable data.
There are 2 things you can do to get your employees in the habit of locking their machines:
You can play the “Donuts Game” and/or you can encourage “Goating.”
Both are humorous, fun, and effective ways to get everyone involved in identifying bad security practices.
Be Aware of Phishing Emails
This is an essential and easily forgotten cybersecurity tip:
Be hypervigilant regarding your email and links in your email – you might be getting “phished.”
You have to repeat this over and over and over again to people who don’t live and breathe cybersecurity.
Educate your employees about phishing and tell them that it’s one of the most common email scams out there.
Let them know how it works:
- The “phisher” poses as a legitimate business, agency, or person and sends you a spoofed message.
- The message is usually urgent, and the sender will almost always ask you to click on a link to resolve the issue.
- Once you click on the link, it will either install malware on your device or send you to a spoofed website that steals the information you input into it.
And let them know how to avoid being phished:
- Double-check the sender to verify it’s an email address you recognize.
- Look for blatant and consistent spelling errors in the body of the email (this is a hallmark of both spam and phishing emails).
- Contact the sender directly, either in person or by phone, to verify that they actually sent you an email.
Install an Antivirus
We know some IT security experts don’t use antivirus, while others argue that antivirus is still important.
One thing we can all agree on is that the end user absolutely needs an antivirus because they’re far more likely to engage in riskier behavior than you are.
The 2017 Government Internet Security Threat Report offered a staggering statistic that you could pass on to your employees:
The number of detections of ransomware increased by 36% from 340,000 in 2015 to 463,000 in 2016.
Bottom line:
Don’t allow your employees to work on their machines without the antivirus running, and make sure it’s set to update automatically.
Use a VPN
Setup and strongly encourage the use of a VPN.
Let your employees know how critical a VPN is to their security and safety, especially when accessing data remotely.
Enforce a policy that simply states “every employee must access the company’s network using their VPN.”
Enforce Strict Access Privileges
Your staff should only have access to information that they need to access in order to perform their job functions.
Any access beyond that point puts your agency at risk.
Financial data, other employees’ data, official information, etc. should only be accessed by particular team members and managers.
Use access control on your organization’s intranet, on commonly used software, and on any other work-related programs.
Develop a Disaster Recovery Plan
A disaster recovery plan (DRP) is a set of procedures and resources to control the fallout of an unexpected attack, accident, or disaster.
A good DRP eliminates guesswork and enhances your team’s response effectiveness during an emergency.
To develop a solid plan, make sure to:
- Take inventory of all your hardware, software, devices, and data
- Ensure everything is consistently being backed up
- Ensure you have the appropriate hardware and software required to perform a backup if needed
- Assign a project manager to oversee the creation and maintenance of your DRP
- Test your plan regularly to ensure it can appropriately respond to unexpected threats
- Get your whole team involved in creating and executing your DRP
Provide On-Going Cyber Security Training to Your Staff
Use our cybersecurity tips to begin engaging your employees in an ongoing effort to protect your agency from cyberattackers.
Attempt to cultivate a cybersecurity awareness culture amongst all of your employees. Make it so that it’s not just October when everyone starts practicing good online behavior – they take cybersecurity seriously all year-round
If you want to secure your agency against serious threats, then get serious about training and educating your staff about the importance of cybersecurity.
Of course, only IT professionals need IT exam preparation tips to prepare for certification tests to upgrade their skills and knowledge
But your employees could benefit from formal courses in order to help defend your agency from serious threats.
Now, it’s true that it’s not easy to find good IT security training materials and instructors. And it’s also not easy getting your employees to learn – what with some people preferring microlearning, while others preferring long-form learning.
But the effectiveness and cost of eLearning changes all of this.
Now, you and your non-IT staff can continually educate yourselves and stay up-to-date with the latest threats and threat prevention tools and procedures.
Where can you find all this information?
Right here at Enterprise Training Solutions.
Cybersecurity Tips On-Demand
With videos, ebooks, and courses on topics ranging from phishing to malware to ransomware, we give you access to all the knowledge you need to improve your current security posture and prepare for any future threats.
Experience the proven, easy-to-use, and cost-effective benefits of online training by scheduling your free online training consultation today!