10 tips to keep data secure
Halloween is scary, but for the federal government, few things scare more than a security breach.
Despite recent high-profile incidents shining a light on the problem, reports show that agencies continue seeing a dramatic upward trend in cyberattacks – and hackers are bent on stealing sensitive information, information useful to identity thieves and anything else they can get their digital hands on.
A Government Accountability Office official testified in April that cases involving leaked or compromised sensitive data reported by federal agencies to the U.S. Computer Emergency Readiness Team skyrocketed nearly 680 percent from 2006 through 2011.
Cyberattacks overall are also costing the nation a pretty penny. According to a report in The New York Times, National Security Agency Director Gen. Keith Alexander has said the U.S. loses up to $338 billion in financial theft. Numbers from the Commerce Department also indicate $250 billion is lost every year in intellectual-property thefts.
Alexander, who serves as the commander of the U.S. Cyber Command, also in July expressed little confidence in the nation’s ability to thwart outside intrusions.
“If we were to be completely candid here, the reality is that industry is getting hacked [and] government is getting hacked," he told the audience at the Aspen Institute’s annual security forum. "What we need to do is come together and form best practices. When we put together this ability for our nation to work as a team in cyberspace, what that allows us to do now is do things that other countries aren’t capable of doing in defending the nation.”
In support of the National Cyber Security Awareness Month, information risk and security performance management company nCircle released an e-book that offers an array of tips to help improve online security. The suggestions are written in fewer than 140 characters to promote sharing on social media, including Twitter when using the hashtag #securitytips.
Here are 10 of those tips for staying cyber secure – modified for feds:
Look beyond antivirus programs: A virus scanner is not much use once a computer has been infected. By being proactive and keeping your systems current and programs patched, you can prevent malware from infecting your computer.
Switch up passwords: Use different, non-guessable passwords for different purposes. Do not use the same password for online banking and social media. Ideally, you have a different password for every service you use. (See some bad password examples here.)
Forego old methods: Traditional security methods such as security-based controls pointed at a dissolving perimeter driven by compliance are not doing the job anymore. Attackers hide in plain sight using valid credentials, so user behavior should be monitored to prevent data exfiltration.
Remember the weakest link: Humans create most of the problems in information security --whether it is an employee accidentally and unknowingly downloading malware or a bug created by a programmer. Solving information security problems with technology alone will not do.
Stay safe when traveling or teleworking: Feds who are on the road should use a privacy screen on their laptop to protect others from seeing sensitive information. A privacy screen minimizes the risk for “shoulder surfers” bent on sneaking a peek to gain information that later can be used to carry out a phishing attack.
Plan for the worst-case scenario: Plan against failure at every point of the system. What happens if X fails just when Y needs it most? If your virus protection fails and your email gets compromised, do you have a backup email address? Are your contacts backed up as well, on a different system?
Do not trust smartphone apps: Feds often rely on their mobile devices to do their job and stay connected, which means these smart phones, tablets and laptops are a treasure trove of information. Yet a single application can steal all this data and reveal details to complete strangers with unknown intentions. Beware of which apps you download.
Think before you tweet/post: This should be a no-brainer, yet many disregard it. The Internet simply does not forget – a post does not get permanently deleted and will be searchable for years to come. Think twice about what you write online.
Enable two-factor authentication: Online services such as Gmail, Facebook and Dropbox now enable two-factor authentication, which provides an additional layer of security against account hacking. Use this feature wherever available.
Own your security: Do not trust the IT department to keep your computer safe. Become familiar with the nature, efficacy and propriety of the security you rely on -- and act accordingly.