GovLoop

Don’t Hold the Door, State and Local Cyber Experts Say

Holding the door open for strangers may be polite in the physical world, but in the cyber world, it comes at a huge cost for state and local agencies.

Employees can inadvertently allow improper access to systems and data by sharing passwords, opening emails with phishing links, leaving laptops unlocked and more. If you aren’t careful, you can “walk the bad guys through the door, hand in hand,” said Solomon Adote, Chief Security Officer for Delaware.

That’s why state and local cybersecurity experts want employees to better understand one thing: “All it takes is one click to open up an incident,” said Tanya Hannah, Director and Chief Information Officer for King County, Washington.

Every employee must be aware of and responsible for preventing security breaches. Managers and supervisors, particularly, should understand that each interaction with a computer system has a certain risk level, even something as mundane as email.

In 2019, organizations lost $1.7 billion due to compromised business emails, the FBI reported. Understanding how you use technology in your role, the related risks and the potential ways you could be targeted can make the difference between a successful breach and a failed one.

All of this is what cybersecurity training intends to achieve – but when training is tedious or punishing and another roadblock to people’s jobs, the intended outcome doesn’t occur. It’s a delicate and often thankless balance that cybersecurity teams handle.

“From a cybersecurity perspective, you hardly get great feedback on what you do. You just created another obstacle for people to overcome to do their jobs,” Adote said. “But when they reach out and say, ‘I really enjoyed that series,’ or ‘[This character] is hilarious, I wouldn’t do what [they] did,’ you know you’re getting the message across.”

What’s the message? The message is that everyone plays a part in cybersecurity. Cyberattacks don’t just impact cyber teams, but the whole agency. It’s why risk management as a strategy can help.

Even small agencies should pay attention to and practice risk management. It’s not just for large agencies and the federal government, Hannah said.

To begin to manage cyber risk, identity management is one place to start. It’s a central theme in the president’s recent cybersecurity executive order, Adote said.

The Main Point: “It starts from the basics. Have a strong foundation,” Adote said. “Identity will be a great foundation to build your program on.” Hannah said, “And [it’s] something you can get funding for.”

This article is an excerpt from GovLoop’s resource, “What You Can Do Now to Prepare and Persevere Through the Next Cyberattack.” Download the full resource here.
