The government faces threats from a growing set of sophisticated malicious actors who seek to exploit cyberspace. Their motives include espionage, political and ideological interests, and financial gain. According to a US Department of Homeland Security report dated May 15, 2018, intrusions at one federal agency resulted in the compromise of personnel records of over 4 million employees and in total impacted nearly 22 million people.
An older Lookout study indicated that 40 percent of government employees access potentially sensitive government data using their personal devices and exhibit behaviors that possibly endanger the device and the data. This finding is all the more serious because it is also estimated that by the year 2020, more than 20 billion devices will be connected to the internet. The risks introduced by the growing number and variety of such devices are substantial, since cybercriminals are pivoting their operations towards mobile.
As a solution, government institutions must align their existing law enforcement efforts and resources to address new and emerging challenges in cyberspace. These efforts must account for the growing use of end-to-end encryption, anonymous networks, online marketplaces and cryptocurrencies. Critical infrastructure in the financial, energy and communications sectors must be protected.
In addition, here are ways to improve government cybersecurity:
Control BYOD (Bring Your Own Device)
As mentioned in a previous paragraph, most government employees have used personal devices to get email. Almost as many had downloaded documents on those devices. While more than half said they were aware of the risks of using personal devices at work, 85 percent admitted to doing it anyway.
IT managers should inventory the devices and applications employees are using, and take advantage of software that helps enforce compliance policies and monitor usage of and access to government data and systems.
Train employees to follow security practices
Whether it’s reminding workers (including high-level officials) to avoid clicking on phishing emails or requiring IT to patch systems right after updates are available, IT managers can’t do too much training in the workplace. The IT department is expected to understand what’s at stake with poor security practices, but end users may not. That’s why reaching them with that message and security tips they can easily follow is vital.
Use multifactor authentication
One of the biggest problems in security today is the requirement that users remember a password for each network, website, application and service they use. People end up choosing weak passwords and reusing them, which gives hackers the key to other unrelated systems. OAuth and other protocols enable provisioning tokens that allow the government to enforce multifactor authentication for email clients. There are tools in place to improve security across systems and users, but they are useless if no one uses them.
Use strong encryption
This may seem like a no-brainer, but using strong encryption will protect data from network intruders and protect laptops and mobile devices if they are lost or stolen. However, security must extend beyond laptops and phones.
Cybersecurity may seem like a technical problem, but changing cultural processes and systems that are decades old takes strong leadership, drive and commitment. No technology or standard can eliminate the risk of a cyber-attack, but the adoption of modern standards and the revision of law enforcement efforts can be an important step that meaningfully reduces cyber risks. The government should create a policy that not only enhances collective cybersecurity, but also helps to ensure greater privacy and increased trust online.