In today’s ever-evolving and complex IT environment, security must become every agency employee’s job. Agencies should fully understand how to embed information security into IT best practices and among all users to protect agency data, networks, and the public.
To learn how to implement stronger IT controls and compliance monitoring, GovLoop partnered with SolarWinds, a leader in IT security management solutions. We also gained insights from Arthur Bradway, Senior Federal Sales Engineer at SolarWinds.
1. Gamify training.
IT leaders should consider embedding security practices and conversations about good security habits within the daily office environment. For example, gamifying security training by using fun and engaging activities to convey an agency’s position on the importance of constant vigilance can help create a lasting, effective, and deep-seated culture of security. “A lot of current training methods aren’t really engaging to the end user,” Bradway noted. “You spend all that time to get your users there and they don’t remember anything. By making it more engaging, they’ll retain more of the information.”
2. Cover all your security posture bases.
According to Bradway, there are several other important yet basic steps agencies can take to improve their security posture. “These include everything from regularly updating your infrastructure inventory and identifying and protecting critical assets, to creating a plan to document process changes and leveraging automated responses, when appropriate,” he said. Other steps include utilizing two-factor authentication and documenting security incident procedures and policies.
3. Leverage cybersecurity training — and make it memorable.
Solid security awareness training should help your end users think twice when they get a suspicious email or before they download shadow software onto a device. To make training stand out, gamify it, as we discussed earlier; do the training in person when possible; and don’t lecture — involve the end users to reinforce learning.
4. Invest in the right network and application performance monitoring tools.
Building strong IT controls requires a deep level of visibility into one’s IT infrastructure. Network and application performance monitoring and log management tools offer this needed visibility by continuously collecting data on operations and alerting IT administrators about anomalies, such as lags in performance or intrusion attempts, providing constant and valuable insight into network activities and failed logins.
This blog post is an excerpt from our new report, How Government Can Embed Information Security Into IT Best Practices.