Cybersecurity

10 tips to keep data secure

padlocked keyboard

Halloween is scary, but for the federal government, few things scare more than a security breach.

Despite recent high-profile incidents shining a light on the problem, reports show that agencies continue seeing a dramatic upward trend in cyberattacks – and hackers are bent on stealing sensitive information, information useful to identity thieves and anything else they can get their digital hands on.

A Government Accountability Office official testified in April that cases involving leaked or compromised sensitive data reported by federal agencies to the U.S. Computer Emergency Readiness Team skyrocketed nearly 680 percent from 2006 through 2011.

Cyberattacks overall are also costing the nation a pretty penny. According to a report in The New York Times, National Security Agency Director Gen. Keith Alexander has said the U.S. loses up to $338 billion in financial theft. Numbers from the Commerce Department also indicate $250 billion is lost every year in intellectual-property thefts.

Alexander, who serves as the commander of the U.S. Cyber Command, also in July expressed little confidence in the nation’s ability to thwart outside intrusions.

“If we were to be completely candid here, the reality is that industry is getting hacked [and] government is getting hacked," he told the audience at the Aspen Institute’s annual security forum. "What we need to do is come together and form best practices. When we put together this ability for our nation to work as a team in cyberspace, what that allows us to do now is do things that other countries aren’t capable of doing in defending the nation.”

In support of the National Cyber Security Awareness Month, information risk and security performance management company nCircle released an e-book that offers an array of tips to help improve online security. The suggestions are written in fewer than 140 characters to promote sharing on social media, including Twitter when using the hashtag #securitytips.

Here are 10 of those tips for staying cyber secure – modified for feds:

Look beyond antivirus programs: A virus scanner is not much use once a computer has been infected. By being proactive and keeping your systems current and programs patched, you can prevent malware from infecting your computer.

Switch up passwords: Use different, non-guessable passwords for different purposes. Do not use the same password for online banking and social media. Ideally, you have a different password for every service you use. (See some bad password examples here.)

Forego old methods: Traditional security methods such as security-based controls pointed at a dissolving perimeter driven by compliance are not doing the job anymore. Attackers hide in plain sight using valid credentials, so user behavior should be monitored to prevent data exfiltration.

Remember the weakest link: Humans create most of the problems in information security --whether it is an employee accidentally and unknowingly downloading malware or a bug created by a programmer. Solving information security problems with technology alone will not do.

Stay safe when traveling or teleworking: Feds who are on the road should use a privacy screen on their laptop to protect others from seeing sensitive information. A privacy screen minimizes the risk for “shoulder surfers” bent on sneaking a peek to gain information that later can be used to carry out a phishing attack.

Plan for the worst-case scenario: Plan against failure at every point of the system. What happens if X fails just when Y needs it most? If your virus protection fails and your email gets compromised, do you have a backup email address? Are your contacts backed up as well, on a different system?

Do not trust smartphone apps: Feds often rely on their mobile devices to do their job and stay connected, which means these smart phones, tablets and laptops are a treasure trove of information. Yet a single application can steal all this data and reveal details to complete strangers with unknown intentions. Beware of which apps you download.

Think before you tweet/post: This should be a no-brainer, yet many disregard it. The Internet simply does not forget – a post does not get permanently deleted and will be searchable for years to come. Think twice about what you write online.

Enable two-factor authentication: Online services such as Gmail, Facebook and Dropbox now enable two-factor authentication, which provides an additional layer of security against account hacking. Use this feature wherever available.

Own your security: Do not trust the IT department to keep your computer safe. Become familiar with the nature, efficacy and propriety of the security you rely on -- and act accordingly.

About the Author

Camille Tuutti is a former FCW staff writer who covered federal oversight and the workforce.

The Fed 100

Read the profiles of all this year's winners.

Featured

  • Then-presidential candidate Donald Trump at a 2016 campaign event. Image: Shutterstock

    'Buy American' order puts procurement in the spotlight

    Some IT contractors are worried that the "buy American" executive order from President Trump could squeeze key innovators out of the market.

  • OMB chief Mick Mulvaney, shown here in as a member of Congress in 2013. (Photo credit Gage Skidmore/Flickr)

    White House taps old policies for new government makeover

    New guidance from OMB advises agencies to use shared services, GWACs and federal schedules for acquisition, and to leverage IT wherever possible in restructuring plans.

  • Shutterstock image (by Everett Historical): aerial of the Pentagon.

    What DOD's next CIO will have to deal with

    It could be months before the Defense Department has a new CIO, and he or she will face a host of organizational and operational challenges from Day One

  • USAF Gen. John Hyten

    General: Cyber Command needs new platform before NSA split

    U.S. Cyber Command should be elevated to a full combatant command as soon as possible, the head of Strategic Command told Congress, but it cannot be separated from the NSA until it has its own cyber platform.

  • Image from Shutterstock.

    DLA goes virtual

    The Defense Logistics Agency is in the midst of an ambitious campaign to eliminate its IT infrastructure and transition to using exclusively shared, hosted and virtual services.

  • Fed 100 logo

    The 2017 Federal 100

    The women and men who make up this year's Fed 100 are proof positive of what one person can make possibile in federal IT. Read on to learn more about each and every winner's accomplishments.

Reader comments

Fri, Nov 2, 2012

This info should go to every person who must work on cimputers that can be compromised. Every computer owner needs this info-for security sake!

Thu, Nov 1, 2012 Mike Sullivan No. Virginai

How about using something different that PKI and AES for security? Perpetual key changing techniques, data-centric protection beyond authentication, "real" end-to-end wireless data protection, secure SCADA techniques, and many more software / hardware solutions have been developed by and are available from small businesses. The USG seems to think that only major corporations can be of assistance, yet, if that were true, we would not have these continuing problems now, would we?

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group