Government and higher education overlap in many ways. For starters, both institutions serve the public. Next, agencies and universities each aim to improve their communities. Finally, cybersecurity is quickly becoming a chief concern for academia and the public sector alike.
The COVID-19 pandemic, meanwhile, has only increased the similarities between agencies and schools nationwide. As the crisis continues, organizations in both categories are relying on more remote work than before. Ultimately, the number of cybersecurity risks only grows as the size of the attack surfaces agencies and schools expands.
On Thursday, GovLoop explored lessons remote work has taught higher education during its latest briefing center. GovLoop’s remote data-focused briefing center was a two-hour collection of different online trainings.
“I think of security tools as guardrails rather than stop signs,” said Tina Thorstenson, Senior Director, Public Sector Industry Solutions and Strategy at CrowdStrike. CrowdStrike is a cybersecurity solutions provider who sponsored Thursday’s event. “Security should keep us moving, not hold us up.”
Here are three takeaways about remote data security from a panel involving Thorstenson and Sol Bermann, Executive Director of Information Assurance and Chief Information Security Officer (CISO) at the University of Michigan (U of M).
Change Culture and Technology Simultaneously
New tools cannot help agencies whose employees will not try them. Whether tools aid cybersecurity, remote work or something else, technology transformation cannot occur without cultural reinvention too.
For instance, Thorstenson recommended agencies appoint officials responsible for cybersecurity and data.
“Having someone responsible for it elevates the need,” she said of concerns such as cybersecurity. “It is essential for changing the culture.”
According to Bermann, the technology vendors agencies collaborate with should match their internal cultures.
“It may be the best tool, but it may not fit your culture, operation or business,” he said. “Having a notion of your constituency and community and what’s palatable to them should really inform your technology choices.”
Master the Basics
According to Bermann, government and higher education struggle with fundamental cybersecurity and data protection.
“For goodness sake, patch your systems on time,” he said. “Do your updates routinely and automate it when possible. If you don’t have two-factor authentication in place, you are two, three or four years behind the times.”
Automation involves machines performing simple manual tasks with little to no human input. Increasingly, cybersecurity teams rely on automation to assist with their duties.
Two-factor authentication, meanwhile, forces users to provide two pieces of evidence – such as a password and a code randomly generated by a user’s smartphone – before gaining access to resources such as websites.
Do Your Part
Unfortunately, no single person or tool can protect agencies from cyberthreats. According to Bermann, the result is that everyone must contribute to greater security agencywide.
“It is all of our job,” he said. “If you’re not part of the solution, you’re part of the problem.”
Thorstenson added today’s threat landscape means agencies and schools must pay attention to security or risk potential consequences.
“If you don’t take these practical steps, reality will set in eventually,” she said. “Get out in front of it before something like that happens to you.”
This online training was brought to you by: