We live in a world that relies heavily on technology and data. Everything has become more digital and accessible, even for government agencies. But with better technology comes the need for stronger cybersecurity measures.
Cyber criminals are always getting smarter and finding new ways to steal your information. It’s crucial that government agencies create and maintain robust data security measures to ensure the safety of their valuable information.
In GovLoop’s recent online training, Protecting Your Data: More than an IT Problem, topic experts spoke about the importance of cybersecurity and how agencies can implement high security standards to protect themselves.
Our experts, Brad Rounding, Director of Security Operations at USDA, and Pat Plante, VP of Strategic Business Development of Informatica, said cybersecurity is everyone’s job to maintain. Rounding and Plante discussed a three-phase process for building a risk management framework at your agency to help you combat cyberthreats.
The phases include:
Phase 1: Discover and identify. Discover the who, what, when, where, and how of your data. First, figure out what you need to protect, which may include financial data, research, high-value assets, and more. Then discover where your data is stored so you have a grasp of what you need to do to protect it.
Is it stored in a data center, public/private/government cloud, employee workstations, shared drives, or on a CD/DVD/USB? If you find that you have data stored in an unsuitable location, find a logical place for it.
Phase 2: Assess the risk. Find out who has access, who is supposed to have access, and who has unnecessary privileged access. To ensure complete protection, it’s important to only allow certain people access to information. The more people who have access to something, the more chances there are for a data breach. Find out if your data is backed up or duplicated. If it is, where did you store the duplicate? It’s crucial that each set of data has equally strong security measures.
It is also important to identify the potential impact of a breach and what the consequences might be. Would you lose confidentiality, integrity, availability or more? Knowing what is most threatening to you and your agency will help you to implement appropriate countermeasures.
Phase 3: Implement. There needs to be a healthy balance between technology, process and people to achieve full security. Examples of cyber technology include whitelist and blacklist methods. A blacklist mentality is the approach behind an antivirus system. This system keeps track of everything that’s bad and checks what programs you’re running. So if you run a program that’s on its “bad list,” then it will try to stop you from running that program. The problem with a blacklist mentality is that the list of bad programs is never ending. With the whitelist mentality, your security software keeps track of the few programs that are secure and good to access. So when someone tries to access a program that’s not on the “good” list, the program request will fail.
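The two mentalities only disagree about a program that is on neither list. The Python sketch below is an added example, not material from the training; matching programs by SHA-256 hash, the function names and the sample programs are all assumptions constructed for illustration.

```python
import hashlib


def digest(program_bytes: bytes) -> str:
    """Identify a program by the SHA-256 hash of its contents (assumed matching method)."""
    return hashlib.sha256(program_bytes).hexdigest()


# Constructed sample "programs": stand-ins for real executables.
PROGRAMS = {
    "payroll_app": b"constructed sample: approved payroll application",
    "known_bad": b"constructed sample: program already on the bad list",
    "unlisted": b"constructed sample: program nobody has catalogued yet",
}

# Blacklist holds everything known to be bad; whitelist holds the few approved programs.
BLACKLIST = {digest(PROGRAMS["known_bad"])}
WHITELIST = {digest(PROGRAMS["payroll_app"])}


def blacklist_allows(program_bytes: bytes) -> bool:
    """Default allow: the program runs unless its hash is on the bad list."""
    return digest(program_bytes) not in BLACKLIST


def whitelist_allows(program_bytes: bytes) -> bool:
    """Default deny: the program runs only if its hash is on the good list."""
    return digest(program_bytes) in WHITELIST


def compare(programs: dict) -> dict:
    """Return both decisions for every program, keyed by program name."""
    return {
        name: {"blacklist": blacklist_allows(data), "whitelist": whitelist_allows(data)}
        for name, data in programs.items()
    }


def disagreements(results: dict) -> list:
    """Names of programs where the two approaches reach different decisions."""
    return sorted(n for n, r in results.items() if r["blacklist"] != r["whitelist"])


if __name__ == "__main__":
    results = compare(PROGRAMS)
    for name, decision in results.items():
        print(f"{name:12} blacklist_allows={decision['blacklist']} "
              f"whitelist_allows={decision['whitelist']}")
    print("approaches disagree on:", disagreements(results))
```

The unlisted program is the only case where the decisions differ: the blacklist lets it run until someone adds it to the bad list, while the whitelist refuses it until someone approves it.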
Once you find a suitable technology to protect your information, you can implement security policies and regulations for employees to abide by. These can include anything from a list of websites employees shouldn’t access to network username and password requirements.
Cyber threats evolve and it’s important to remember that this three-step process is a cycle. You should constantly update your security measures based on your current and future needs. To learn more about cybersecurity and best practices for protecting your information, watch the on-demand version of this training here.