According to the Cybersecurity & Infrastructure Security Agency (CISA), cyberspace is very difficult to secure. This is due to several reasons, including:
- Malicious actors operating from anywhere in the world.
- Links between cyberspace and physical systems.
- The difficulty of reducing vulnerabilities and consequences in complex cyber networks.
Implementing, maintaining, and updating safe cybersecurity best practices in government agencies is critical. As information technology (IT) continues to integrate into all aspects of society, there is an increased risk of wide-scale or high-consequence events. These events can cause harm or disrupt economic services that millions of Americans depend on.
Basic Cyber Hygiene
Daily risk management is essential to cybersecurity for the government. IT teams should ensure all employees have strong passwords, updated software, multi-factor authentication, and additional cybersecurity training. For example, employees should be aware of the consequences of opening suspicious emails and links. This can drastically improve online safety and prevent cyber threats in your government agency. Developing and implementing tailored cybersecurity plans and procedures is key to protecting and maintaining business operations.
Government Cybersecurity Best Practices
Investing in cybersecurity awareness training is one of the best things you can do for your government agency. For example, is everyone in your agency aware of insider threats? They should be trained to recognize a malicious threat that comes from people within the organization (e.g., employees, former employees, contractors) who know the organization’s security practices, data, and computer systems to cause harm. Insider threats can include the following:
- National security crimes: Terrorism, economic espionage, export controls and sanctions, or cyber threats
- Espionage: Sharing national security information with a foreign entity without authorization
- Unauthorized disclosure: Sharing or disclosing information without authorization
- Workplace violence: Aggression or violent acts toward self or others
Sabotage: Using technical methods to disrupt or cease normal business operations
Fraud: Unauthorized modification, addition, or deletion of an organization’s data for personal gain; data theft
Unwitting actions that increase vulnerabilities: Leaving sensitive information unattended; misusing government IT systems; discussing sensitive information in public
Reporting and Whistleblowing
A workforce that recognizes and reports suspicious behavior or activity can help defend against insider threats. It should be known that all Federal employees are required to report potential indicators of insider threat, including the following:
Mishandling of classified information
Misuse of computer systems
Suspicious cyber incidents
Foreign influence
Suspicious contacts
Suspicious financial activity
Recording devices
Your workforce should know that whistleblowing occurs throughout the Federal Government every day and can range from a simple conversation with a supervisor to contacting the Office of Inspector General (OIG) Hotline. In each instance of lawful whistleblowing, an individual delivers the right information to the appropriate authorities, including:
A government supervisor in the employee’s chain of command.
The Inspector General (IG) of the employing agency.
The Director of National Intelligence (DNI).
The Inspector General of the Intelligence Community (ICIG).
An employee designated by any of the above officials to receive such disclosures.
All employees should also be trained on how outsiders work to hack into government systems. Many believe cybercriminals are expert programmers who can access any computer with just a few keystrokes. In reality, many cybercriminals are ordinary people who exploit known vulnerabilities in your agency’s software or operating system. Ensure all employees understand cyber threats, proper data protection, and agency cybersecurity best practices.
For more information on how to help your fellow government employees stay updated on cybersecurity awareness and best practices, explore our extensive library of Workplace Safety & Security products and find the ones right for your needs.