Cybersecurity

10 tips to keep data secure

padlocked keyboard

Halloween is scary, but for the federal government, few things scare more than a security breach.

Despite recent high-profile incidents shining a light on the problem, reports show that agencies continue seeing a dramatic upward trend in cyberattacks – and hackers are bent on stealing sensitive information, information useful to identity thieves and anything else they can get their digital hands on.

A Government Accountability Office official testified in April that cases involving leaked or compromised sensitive data reported by federal agencies to the U.S. Computer Emergency Readiness Team skyrocketed nearly 680 percent from 2006 through 2011.

Cyberattacks overall are also costing the nation a pretty penny. According to a report in The New York Times, National Security Agency Director Gen. Keith Alexander has said the U.S. loses up to $338 billion in financial theft. Numbers from the Commerce Department also indicate $250 billion is lost every year in intellectual-property thefts.

Alexander, who serves as the commander of the U.S. Cyber Command, also in July expressed little confidence in the nation’s ability to thwart outside intrusions.

“If we were to be completely candid here, the reality is that industry is getting hacked [and] government is getting hacked," he told the audience at the Aspen Institute’s annual security forum. "What we need to do is come together and form best practices. When we put together this ability for our nation to work as a team in cyberspace, what that allows us to do now is do things that other countries aren’t capable of doing in defending the nation.”

In support of the National Cyber Security Awareness Month, information risk and security performance management company nCircle released an e-book that offers an array of tips to help improve online security. The suggestions are written in fewer than 140 characters to promote sharing on social media, including Twitter when using the hashtag #securitytips.

Here are 10 of those tips for staying cyber secure – modified for feds:

Look beyond antivirus programs: A virus scanner is not much use once a computer has been infected. By being proactive and keeping your systems current and programs patched, you can prevent malware from infecting your computer.

Switch up passwords: Use different, non-guessable passwords for different purposes. Do not use the same password for online banking and social media. Ideally, you have a different password for every service you use. (See some bad password examples here.)

Forego old methods: Traditional security methods such as security-based controls pointed at a dissolving perimeter driven by compliance are not doing the job anymore. Attackers hide in plain sight using valid credentials, so user behavior should be monitored to prevent data exfiltration.

Remember the weakest link: Humans create most of the problems in information security --whether it is an employee accidentally and unknowingly downloading malware or a bug created by a programmer. Solving information security problems with technology alone will not do.

Stay safe when traveling or teleworking: Feds who are on the road should use a privacy screen on their laptop to protect others from seeing sensitive information. A privacy screen minimizes the risk for “shoulder surfers” bent on sneaking a peek to gain information that later can be used to carry out a phishing attack.

Plan for the worst-case scenario: Plan against failure at every point of the system. What happens if X fails just when Y needs it most? If your virus protection fails and your email gets compromised, do you have a backup email address? Are your contacts backed up as well, on a different system?

Do not trust smartphone apps: Feds often rely on their mobile devices to do their job and stay connected, which means these smart phones, tablets and laptops are a treasure trove of information. Yet a single application can steal all this data and reveal details to complete strangers with unknown intentions. Beware of which apps you download.

Think before you tweet/post: This should be a no-brainer, yet many disregard it. The Internet simply does not forget – a post does not get permanently deleted and will be searchable for years to come. Think twice about what you write online.

Enable two-factor authentication: Online services such as Gmail, Facebook and Dropbox now enable two-factor authentication, which provides an additional layer of security against account hacking. Use this feature wherever available.

Own your security: Do not trust the IT department to keep your computer safe. Become familiar with the nature, efficacy and propriety of the security you rely on -- and act accordingly.

About the Author

Camille Tuutti is a former FCW staff writer who covered federal oversight and the workforce.

The 2015 Federal 100

Meet 100 women and men who are doing great things in federal IT.

Featured

  • Shutterstock image (by venimo): e-learning concept image, digital content and online webinar icons.

    Can MOOCs make the grade for federal training?

    Massive open online courses can offer specialized IT instruction on a flexible schedule and on the cheap. That may not always mesh with government's preference for structure and certification, however.

  • Shutterstock image (by edel): graduation cap and diploma.

    Cybersecurity: 6 schools with the right stuff

    The federal government craves more cybersecurity professionals. These six schools are helping meet that demand.

  • Rick Holgate

    Holgate to depart ATF

    Former ACT president will take a job with Gartner, follow his spouse to Vienna, Austria.

  • Are VA techies slacking off on Yammer?

    A new IG report cites security and productivity concerns associated with employees' use of the popular online collaboration tool.

  • Shutterstock image: digital fingerprint, cyber crime.

    Exclusive: The OPM breach details you haven't seen

    An official timeline of the Office of Personnel Management breach obtained by FCW pinpoints the hackers’ calibrated extraction of data, and the government's step-by-step response.

  • Stephen Warren

    Deputy CIO Warren exits VA

    The onetime acting CIO at Veterans Affairs will be taking over CIO duties at the Office of the Comptroller of the Currency.

  • Shutterstock image: monitoring factors of healthcare.

    DOD awards massive health records contract

    Leidos, Accenture and Cerner pull off an unexpected win of the multi-billion-dollar Defense Healthcare Management System Modernization contract, beating out the presumptive health-records leader.

  • Sweating the OPM data breach -- Illustration by Dragutin Cvijanovic

    Sweating the stolen data

    Millions of background-check records were compromised, OPM now says. Here's the jaw-dropping range of personal data that was exposed.

  • FCW magazine

    Let's talk about Alliant 2

    The General Services Administration is going to great lengths to gather feedback on its IT services GWAC. Will it make for a better acquisition vehicle?

Reader comments

Fri, Nov 2, 2012

This info should go to every person who must work on cimputers that can be compromised. Every computer owner needs this info-for security sake!

Thu, Nov 1, 2012 Mike Sullivan No. Virginai

How about using something different that PKI and AES for security? Perpetual key changing techniques, data-centric protection beyond authentication, "real" end-to-end wireless data protection, secure SCADA techniques, and many more software / hardware solutions have been developed by and are available from small businesses. The USG seems to think that only major corporations can be of assistance, yet, if that were true, we would not have these continuing problems now, would we?

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above