Cybersecurity

10 tips to keep data secure

padlocked keyboard

Halloween is scary, but for the federal government, few things scare more than a security breach.

Despite recent high-profile incidents shining a light on the problem, reports show that agencies continue seeing a dramatic upward trend in cyberattacks – and hackers are bent on stealing sensitive information, information useful to identity thieves and anything else they can get their digital hands on.

A Government Accountability Office official testified in April that cases involving leaked or compromised sensitive data reported by federal agencies to the U.S. Computer Emergency Readiness Team skyrocketed nearly 680 percent from 2006 through 2011.

Cyberattacks overall are also costing the nation a pretty penny. According to a report in The New York Times, National Security Agency Director Gen. Keith Alexander has said the U.S. loses up to $338 billion in financial theft. Numbers from the Commerce Department also indicate $250 billion is lost every year in intellectual-property thefts.

Alexander, who serves as the commander of the U.S. Cyber Command, also in July expressed little confidence in the nation’s ability to thwart outside intrusions.

“If we were to be completely candid here, the reality is that industry is getting hacked [and] government is getting hacked," he told the audience at the Aspen Institute’s annual security forum. "What we need to do is come together and form best practices. When we put together this ability for our nation to work as a team in cyberspace, what that allows us to do now is do things that other countries aren’t capable of doing in defending the nation.”

In support of the National Cyber Security Awareness Month, information risk and security performance management company nCircle released an e-book that offers an array of tips to help improve online security. The suggestions are written in fewer than 140 characters to promote sharing on social media, including Twitter when using the hashtag #securitytips.

Here are 10 of those tips for staying cyber secure – modified for feds:

Look beyond antivirus programs: A virus scanner is not much use once a computer has been infected. By being proactive and keeping your systems current and programs patched, you can prevent malware from infecting your computer.

Switch up passwords: Use different, non-guessable passwords for different purposes. Do not use the same password for online banking and social media. Ideally, you have a different password for every service you use. (See some bad password examples here.)

Forego old methods: Traditional security methods such as security-based controls pointed at a dissolving perimeter driven by compliance are not doing the job anymore. Attackers hide in plain sight using valid credentials, so user behavior should be monitored to prevent data exfiltration.

Remember the weakest link: Humans create most of the problems in information security --whether it is an employee accidentally and unknowingly downloading malware or a bug created by a programmer. Solving information security problems with technology alone will not do.

Stay safe when traveling or teleworking: Feds who are on the road should use a privacy screen on their laptop to protect others from seeing sensitive information. A privacy screen minimizes the risk for “shoulder surfers” bent on sneaking a peek to gain information that later can be used to carry out a phishing attack.

Plan for the worst-case scenario: Plan against failure at every point of the system. What happens if X fails just when Y needs it most? If your virus protection fails and your email gets compromised, do you have a backup email address? Are your contacts backed up as well, on a different system?

Do not trust smartphone apps: Feds often rely on their mobile devices to do their job and stay connected, which means these smart phones, tablets and laptops are a treasure trove of information. Yet a single application can steal all this data and reveal details to complete strangers with unknown intentions. Beware of which apps you download.

Think before you tweet/post: This should be a no-brainer, yet many disregard it. The Internet simply does not forget – a post does not get permanently deleted and will be searchable for years to come. Think twice about what you write online.

Enable two-factor authentication: Online services such as Gmail, Facebook and Dropbox now enable two-factor authentication, which provides an additional layer of security against account hacking. Use this feature wherever available.

Own your security: Do not trust the IT department to keep your computer safe. Become familiar with the nature, efficacy and propriety of the security you rely on -- and act accordingly.

About the Author

Camille Tuutti is a former FCW staff writer who covered federal oversight and the workforce.

Who's Fed 100-worthy?

Nominations are now open for the 2015 Federal 100 awards. Get the details and submit your picks!

Featured

Reader comments

Fri, Nov 2, 2012

This info should go to every person who must work on cimputers that can be compromised. Every computer owner needs this info-for security sake!

Thu, Nov 1, 2012 Mike Sullivan No. Virginai

How about using something different that PKI and AES for security? Perpetual key changing techniques, data-centric protection beyond authentication, "real" end-to-end wireless data protection, secure SCADA techniques, and many more software / hardware solutions have been developed by and are available from small businesses. The USG seems to think that only major corporations can be of assistance, yet, if that were true, we would not have these continuing problems now, would we?

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above