Achieving your agency’s mission with the newest technology is a necessary step to modernize services and to keep pace in the digital era. However, virtualization can make your agency more vulnerable if it is not paired with the right security measures.
In GovLoop’s new Agency of the Future series guide, “Winning the Cybersecurity Battle,” features case studies, industry perspectives and best practices to take your agency into the future without compromising security.
The guide also highlights actions you can take right now to mitigate risk at your agency. Below is an excerpt from our report, which highlights 8 ways to ensure your agency’s mission does not become a risky business, with special insights from Dan Lohrmann, Chief Security Officer, State of Michigan.
An effective cybersecurity strategy must appeal to individual employees and be easily incorporated into the day-to-day mission at the agency. Cyber experts must also convince executives and decision makers to make cybersecurity a priority. “Getting buy-in and executive leadership is key,” said Lohrmann.
2. Training and Education
Every cybersecurity strategy depends on individual compliance. If an employee falls for a phishing scam or uses a work-around to avoid a security measure, the entire agency is at risk. Most employees want to comply with and enhance their agency’s cybersecurity goals, yet many fail to understand how their actions impact the system. Effective training can help employees gain this critical understanding. Our guide highlights training best practices from the State of Michigan.
3. Continuous Monitoring
Identifying when your system has been compromised is only possible when you have an understanding of how your system looks operating optimally. Continuous monitoring allows agencies to access a holistic view of their systems and identify security implications for changes in hardware, software and firmware. NIST (The National Institute for Standards and Technology) recommends continuous monitoring as part of their six-step risk management framework.
4. Preparing Against Sophisticated Attacks
Always stay one step ahead of attackers. As attack strategies by hackers grow more complex, so should your security systems. Michigan introduced a Cyber Range that allows employees to test fire their strategies against simulated attacks.
5. Keeping Systems Updated
The most common attacks take advantage of antiquated systems that do not deploy updated security measures. Keeping your system up to date is the simplest way to protect your agency against the majority of attacks.
6. Talent Management
As threats grow in sophistication, the need for the top cyber talent in government becomes more pressing. Unfortunately, government is losing a competition with the private sector in attracting this talent. Government agencies must come up with incentives to draw in and retain the best people in the field.
7. Disaster Recovery Planning
Even with the best security, cyber attacks are inevitable. Every effective cyber security strategy must include steps for minimizing damage and allowing your agency to return to normal operations as soon as possible after an attack.
8. Properly Funded Programs
Successful cybersecurity can save your agency millions in the long run, but the best systems require significant initial investment. Lohrmann advises that instead of adding on a separate budget line for security, agencies should make sure that security is built in up front for all core projects.
You can download the full guide by clicking here. Below are additional GovLoop resources:
- Navigating the Cyber Threat Landscape
- Cyber Security in Focus [Infographic]
- Providing Secure Mobility for Agencies [Report]
- Agency of the Future Guide: Winning the Cybersecurity Battle
- Important Weapon in the Cyber War: SecureView MILS Workstation
- 9 Sources of Cyber Threats Highlighted in GAO Report
Thank you to our industry partners for sponsoring the GovLoop Report, Winning the Cybersecurity Battle. With any questions about this report, please reach out to Pat Fiorenza, Senior Research Analyst, at [email protected].