How to Stay Safe Online When You Work in Government


The Internet has changed the way we communicate with our family, friends and the world around us. But, as government employees, we’re now the targets of international hackers that are very eager to get their hands on our log in credentials and systems.

Fortunately, keeping yourself safe online doesn’t have to be a hassle and you can have a little fun doing it! Here are a few easy tips that can make a considerable difference in keeping your online profile more secure and help you feel like a secret agent in the process.

Pretend like you are 007 and everyone is out to get you

Everyone’s favorite government employee might be James Bond, or 007 of Her Majesty’s Secret Service. Bond has had training and honed his impeccable instincts to sense danger, and we can learn a thing or two from his experiences to help keep ourselves safe online. Everyone knows that James Bond always gets the girl, but if you get a friend request from an attractive guy or gal that you don’t know, it might be best to assume they’re a double-agent, and do not accept the friend request. I know this may sound like the makings of a spy novel, but believe me, it can really happen and could have disastrous after-effects.

Keep your enemies close and your laptop closer

If you’re dressed as sharply as the world’s most famous secret agent, you may not want to drag a laptop bag around with you, but it just might be your most important mission. According to the SANS Institute, “the greatest threat when out of the office is the theft or loss of the laptop,” and a single loss is estimated by many organizations to cost your agency $50,000 (or more) in replacement cost, productivity and intellectual property loss. So don’t leave it in your vehicle, or in your home when you go on vacation (it is better to bring it back to the office). And if you use a laptop infrequently, make sure you boot it up regularly to install software updates and charge the battery.

Do not take selfies with your ID badge

Here’s an often overlooked tip; when you post photos online, make sure you are not wearing your government identification. This can be very challenging when taking a photo during a retirement party, work lunch, or speaking engagement, but it’s important that you don’t reveal the elements of your agency’s identification badge. In a pinch, slip it into the pocket of your shirt, or cover it completely with your hand. Your physical security team will thank you! I’ve actually been to a security conference, where the goal was to duplicate the security badge of an employee at the hotel, and a cunning conference-goer simply asked the hotel security guard to “take a selfie” with them, and their badge was (of course) right in the photo. Finally, do not use your agency ID as identification when traveling or hang it on your vehicle’s rear view mirror when it isn’t around your neck.

My secret tip for extra protection – create a secret alias!

If you’ve ever taken a look at a hacker’s “password leak” lists, you’ll see they’re typically composed of two different elements: your login credentials and your password. The common school-of-thought is to always use a unique password for every site and to make it as complex as possible. But there’s a second element that is also within your control to change; the login account name. On most systems and services, this is an email address or you can enter an email address into the field. Create a second (or many!) email address only used for system logins that is totally unique. For example, instead of [email protected]….com, create [email protected]…com.

Keep this address totally secret, by not using it for email correspondence or in Internet discussions. Only use this address for highly sought after accounts like your administrative credentials, web hosting access, banking web sites and your social networks. Now, when a password leak list breech occurs, you’ll be able to quickly find out if your secret account has been disclosed by hackers, rather than having to run through all of your email addresses that could have been harvested from other places. Reset it (create a new secret email address) and your password when a breech occurs. While you’re updating your accounts, Google “Two Factor Authentication” and learn how to enable it on your Facebook, Twitter, Google, iCloud and PayPal accounts. More web sites are enabling this security feature, and it is a great way to help keep your accounts secure.

If you get in the habit of practicing these simple security tips, you’ll be honing your secret agent skills and earning a “license to kill security threats!” If you have a favorite Govie security tip, be sure to share it with everyone in the comments below — as long as it won’t blow your cover.

Daniel Hanttula is part of the GovLoop Featured Blogger program, where we feature blog posts by government voices from all across the country (and world!). To see more Featured Blogger posts, click here.

Leave a Comment

One Comment

Leave a Reply

Austin Govie

Good article, and I loved the story linked as “it can really happen and have disastrous consequences”.

However “breech” is the improper spelling! Breach is a gap in a wall, barrier,etc. or act of making one; breech is part of a cannon, or buttocks!