|A study on cyber security, published by the United States Government Accountability Office, found that reported security incidents among federal agencies, including infections from malicious code, policy violations and network intrusions, have increased 650 percent over the past five years. State and local governments are being breached at alarming levels as well. In fact, according to the property and casualty insurance industry, it’s not a matter of if, but when.Best practices to boost cyber security|
Avoiding cyber attacks takes a collaborative approach—between agencies, departments and employees. For some tips and best practices on limiting the likelihood of a security breach, keep reading.
- Educate employees on security basics: Some employees may unintentionally put information at risk, not because they are malicious or ill-intentioned, but because they are simply unaware of what puts data at risk and how. Regular educational sessions on cyber security and training on best practices can be an effective way to prevent data breaches. Training should address issues such as acceptable use policies, password protection, and file back-up and storage. Discuss email safety, too. Review the importance of not clicking on or opening links, or granting preview-pane access, which may pose potential security risks. Keep employees engaged while training—offer incentives for participation, such as keyboard cleaners, miniature chocolates or tasty bites snack packs. Also, an imprinted folder provides long-term safe keeping for training materials that highlight your top five best practices for avoiding security leaks.
- Set security controls: Setting dual controls, also known as following the “two-man rule,” can be an effective way to boost security and protect highly sensitive information. Under a dual-control system, access to privileged information is only granted when two authorized people with proper credentials are present. Limiting security privilege levels is another best practice to help counter internal breaches by giving associates the lowest amount of security access that is required to perform their job duties.
- Automate security access: Automating security access can be a cost-efficient way to track who is accessing what data and when. This is especially useful when multiple employees from different departments share the same data. A scannable badge system can automate this process and help track access. Attach badges to a lanyard or retractable badge holder for easy accessibility.
- Ensure vendor compliance: When working with outside vendors, be sure to include cyber-security requirements in your contracts. Provisions should include minimum security requirements, a cyber-security assessment and the obligation to disclose any and all breaches.
- Stay on top of security updates: Verizon’s 2012 Data Breach Investigations Report found that 97 percent of security breaches could have been avoided through simple measures such as basic system monitoring and patch management. Having system-update procedures in place, establishing regular reviews and requiring intermittent reporting can increase the level of security and accountability.
- Be prepared: Finally, be prepared in the event of a cyber data breach. Preparation is critical to responding effectively—and practice makes perfect. Put policies in place and train staff on what to do in the event of a cyber-security attack; the quicker the reaction, the better. Hold spontaneous pop quizzes via email that test employees’ cyber-security knowledge. Encourage employees to stay on top of cyber security by holding random prize drawings for correct answers. USB car chargers or a charging docks make great prizes.
It takes a team approach to properly implement cyber security and agencies need to be one step ahead of the ever-increasing sophistication of hackers. Policies, procedures and training are all helpful ways to combat breaches and keep important data protected.
Christman, Paul. “Viewpoint: Five ways to bolster cybersecurity.” American City & County Home Page. N.p., 24 Oct. 2012. Web. Retrieved 30 Oct. 2014.
Jones, Stephanie. “Protecting government information.” American City & County Article. N.p., 01 Aug. 2011. Web. Retrieved 30 Oct. 2014.
Keating, Michael. “From mobile devices to software: The top threats to local governments’ information security (with related video).” American City & County Home Page. N.p., 18 Sept. 2014. Web. Retrieved 30 Oct. 2014.
“Two-man rule.” Wikipedia. Wikimedia Foundation. 29 Oct. 2014. Web. Retrieved 30 Oct. 2014.
Papadopoulos, Emilian. “State and local governments have important roles to play in managing cyber risks.” American City & County Home Page. N.p., 14 Mar. 2014. Web. Retrieved 30 Oct. 2014.