Cybersecurity

10 tips to keep data secure

padlocked keyboard

Halloween is scary, but for the federal government, few things scare more than a security breach.

Despite recent high-profile incidents shining a light on the problem, reports show that agencies continue seeing a dramatic upward trend in cyberattacks – and hackers are bent on stealing sensitive information, information useful to identity thieves and anything else they can get their digital hands on.

A Government Accountability Office official testified in April that cases involving leaked or compromised sensitive data reported by federal agencies to the U.S. Computer Emergency Readiness Team skyrocketed nearly 680 percent from 2006 through 2011.

Cyberattacks overall are also costing the nation a pretty penny. According to a report in The New York Times, National Security Agency Director Gen. Keith Alexander has said the U.S. loses up to $338 billion in financial theft. Numbers from the Commerce Department also indicate $250 billion is lost every year in intellectual-property thefts.

Alexander, who serves as the commander of the U.S. Cyber Command, also in July expressed little confidence in the nation’s ability to thwart outside intrusions.

“If we were to be completely candid here, the reality is that industry is getting hacked [and] government is getting hacked," he told the audience at the Aspen Institute’s annual security forum. "What we need to do is come together and form best practices. When we put together this ability for our nation to work as a team in cyberspace, what that allows us to do now is do things that other countries aren’t capable of doing in defending the nation.”

In support of the National Cyber Security Awareness Month, information risk and security performance management company nCircle released an e-book that offers an array of tips to help improve online security. The suggestions are written in fewer than 140 characters to promote sharing on social media, including Twitter when using the hashtag #securitytips.

Here are 10 of those tips for staying cyber secure – modified for feds:

Look beyond antivirus programs: A virus scanner is not much use once a computer has been infected. By being proactive and keeping your systems current and programs patched, you can prevent malware from infecting your computer.

Switch up passwords: Use different, non-guessable passwords for different purposes. Do not use the same password for online banking and social media. Ideally, you have a different password for every service you use. (See some bad password examples here.)

Forego old methods: Traditional security methods such as security-based controls pointed at a dissolving perimeter driven by compliance are not doing the job anymore. Attackers hide in plain sight using valid credentials, so user behavior should be monitored to prevent data exfiltration.

Remember the weakest link: Humans create most of the problems in information security --whether it is an employee accidentally and unknowingly downloading malware or a bug created by a programmer. Solving information security problems with technology alone will not do.

Stay safe when traveling or teleworking: Feds who are on the road should use a privacy screen on their laptop to protect others from seeing sensitive information. A privacy screen minimizes the risk for “shoulder surfers” bent on sneaking a peek to gain information that later can be used to carry out a phishing attack.

Plan for the worst-case scenario: Plan against failure at every point of the system. What happens if X fails just when Y needs it most? If your virus protection fails and your email gets compromised, do you have a backup email address? Are your contacts backed up as well, on a different system?

Do not trust smartphone apps: Feds often rely on their mobile devices to do their job and stay connected, which means these smart phones, tablets and laptops are a treasure trove of information. Yet a single application can steal all this data and reveal details to complete strangers with unknown intentions. Beware of which apps you download.

Think before you tweet/post: This should be a no-brainer, yet many disregard it. The Internet simply does not forget – a post does not get permanently deleted and will be searchable for years to come. Think twice about what you write online.

Enable two-factor authentication: Online services such as Gmail, Facebook and Dropbox now enable two-factor authentication, which provides an additional layer of security against account hacking. Use this feature wherever available.

Own your security: Do not trust the IT department to keep your computer safe. Become familiar with the nature, efficacy and propriety of the security you rely on -- and act accordingly.

About the Author

Camille Tuutti is a former FCW staff writer who covered federal oversight and the workforce.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.

Featured

  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Fri, Nov 2, 2012

This info should go to every person who must work on cimputers that can be compromised. Every computer owner needs this info-for security sake!

Thu, Nov 1, 2012 Mike Sullivan No. Virginai

How about using something different that PKI and AES for security? Perpetual key changing techniques, data-centric protection beyond authentication, "real" end-to-end wireless data protection, secure SCADA techniques, and many more software / hardware solutions have been developed by and are available from small businesses. The USG seems to think that only major corporations can be of assistance, yet, if that were true, we would not have these continuing problems now, would we?

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group