Perhaps you or somebody you know was a victim of one of the security breaches at the Office of Personnel Management. After all, 21 million people were affected by having their personal records stolen or compromised. The incident was one of the central topics at the breakout session titled “Cybersecurity Best Practices: Have Good Cyber Hygiene” during the second day of the NextGenGov 2015 event.
What federal employees can do to protect themselves, how new incidents could be prevented and how government is addressing the problem were some of the topics discussed by Kristina Dorville, Deputy Branch Chief for Cybersecurity Awareness Programs at the U.S. Department of Homeland Security (DHS), and Celia Paulsen, IT Security Specialist at the National Institute of Standards and Technology (NIST).
For a clearer picture of how often cyberattacks occur, Dorville shared some concerning statistics: at the Department of Defense alone, there are 10 million cyberattacks daily. These attacks range from phishing emails to denial of service (DoS) attacks, that is, attempts to make services unavailable to users. While cyber criminals are ready to attack, employees should be more vigilant since 48% of data breaches were caused by employees from the inside, according to statistics provided by Dorville.
How to Protect Yourself
If you don’t protect your personal life, you are not protecting your government’s life, said Paulsen, a former ethical hacker. It is the employee’s responsibility to implement best practices at home and at the workplace. According to Paulsen, many federal employees do not realize they have access to valuable information such as budget figures and contract details; this information can be considered valuable to cybercriminals.
Both experts agreed on simple practices we can easily implement today, such as changing your email passwords regularly and avoiding using the same password for your personal and government accounts. When it comes to passwords, they strongly advised against a common practice many of us are guilty of: writing passwords down. By doing this, we potentially give the “bad guys” easier access to sensitive information.
On the use of social media, Dorville and Paulsen recommended checking your privacy settings. Publicly available information can be used by hackers to draft targeted emails for phishing attempts, she said.
Federal Government Efforts
DHS launched the Stop.Think.Connect. campaign, an initiative to increase the understanding of cyberthreats and provide resources to the public to be more secure online. Anyone can become an active part of the campaign by signing up to be a “friend” and obtain resources and tips regularly, said Dorville.
Government agencies also have their own efforts in place to safeguard their networks. Many agencies are implementing multi-factor authentication, which involves accessing networks via additional stages to verify a user’s identity. Dorville and Paulsen cited other efforts underway, especially after the White House called for efforts to be ramped up after the OPM incidents.
Life After the Crime
There are measures to prevent cyber-crime, but what if a person is already a victim (as was the case for millions at OPM)? Follow the money, said Dorville. Money is the currency most cyber criminals are after, so if you were a victim, she said, you should pay special attention to tracking your finances and check your credit score for possible compromises.
Creating a cybersecurity culture is not just material for a catchy slogan. Paulsen emphasized it is a serious matter and therefore, all individuals need to educate and protect themselves.
From July 20th – 21st we’ll be blogging from GovLoop and YGL’s Next Generation of Government Training Summit.