8 Ways To Mitigate Cybersecurity Risks

Achieving your agency’s mission with the newest technology is a necessary step to modernize services and to keep pace in the digital era. However, virtualization can make your agency more vulnerable if it is not paired with the right security measures.

In GovLoop’s new Agency of the Future series guide, “Winning the Cybersecurity Battle,” features case studies, industry perspectives and best practices to take your agency into the future without compromising security.

The guide also highlights actions you can take right now to mitigate risk at your agency. Below is an excerpt from our report, which highlights 8 ways to ensure your agency’s mission does not become a risky business, with special insights from Dan Lohrmann, Chief Security Officer, State of Michigan.

1. Leadership

An effective cybersecurity strategy must appeal to individual employees and be easily incorporated into the day-to-day mission at the agency. Cyber experts must also convince executives and decision makers to make cybersecurity a priority. “Getting buy-in and executive leadership is key,” said Lohrmann.

2. Training and Education

Every cybersecurity strategy depends on individual compliance. If an employee falls for a phishing scam or uses a work-around to avoid a security measure, the entire agency is at risk. Most employees want to comply with and enhance their agency’s cybersecurity goals, yet many fail to understand how their actions impact the system. Effective training can help employees gain this critical understanding. Our guide highlights training best practices from the State of Michigan.

3. Continuous Monitoring

Identifying when your system has been compromised is only possible when you have an understanding of how your system looks operating optimally. Continuous monitoring allows agencies to access a holistic view of their systems and identify security implications for changes in hardware, software and firmware. NIST (The National Institute for Standards and Technology) recommends continuous monitoring as part of their six-step risk management framework.

4. Preparing Against Sophisticated Attacks

Always stay one step ahead of attackers. As attack strategies by hackers grow more complex, so should your security systems. Michigan introduced a Cyber Range that allows employees to test fire their strategies against simulated attacks.

5. Keeping Systems Updated

The most common attacks take advantage of antiquated systems that do not deploy updated security measures. Keeping your system up to date is the simplest way to protect your agency against the majority of attacks.

6. Talent Management

As threats grow in sophistication, the need for the top cyber talent in government becomes more pressing. Unfortunately, government is losing a competition with the private sector in attracting this talent. Government agencies must come up with incentives to draw in and retain the best people in the field.

7. Disaster Recovery Planning

Even with the best security, cyber attacks are inevitable. Every effective cyber security strategy must include steps for minimizing damage and allowing your agency to return to normal operations as soon as possible after an attack.

8. Properly Funded Programs

Successful cybersecurity can save your agency millions in the long run, but the best systems require significant initial investment. Lohrmann advises that instead of adding on a separate budget line for security, agencies should make sure that security is built in up front for all core projects.

You can download the full guide by clicking here. Below are additional GovLoop resources:

Thank you to our industry partners for sponsoring the GovLoop Report, Winning the Cybersecurity Battle. With any questions about this report, please reach out to Pat Fiorenza, Senior Research Analyst, at [email protected].

Leave a Comment


Leave a Reply

David B. Grinberg

This is an awesome resource, Kathryn.

While I’m no IT expert (like Mr. Ressler), I do know that cybersecurity is a major priority for CIOs at agencies at all levels gov-wide.

As U.S. national security, defense and intelligence communities know well, gov must win the war on cyber-terrorism. This is essential not only to safeguard critically important agency and employee data and info systems, but also to protect the homeland from cyber attack by our adversaries.

Cybersecurity is a cutting edge IT security field we can no longer afford to take for granted. Thanks to you and everyone at GovLoop who prepared this must-read publication.