Last year, the media was rampant with reports of data breaches affecting government offices worldwide. Federal government agencies in the US alone saw a massive jump in the number of data breaches compared to previous years, according to the 2018 Thales Data Threat Report, Federal Edition.
The report states that out of 100 US Federal IT leaders surveyed, 57% reported suffering a data breach last year, compared to 34% in the previous year’s report. Government agencies have faced huge criticism in recent years over how they handle citizen’s personal data, perhaps because data breaches can undermine the public’s trust in the government’s ability to protect their information.
This year hasn’t been a quiet one for data breaches so far – from the ransomware attack on Atlanta city government systems to county employees in North Carolina who were targets of a cyberattack – it’s no wonder that government employees are concerned about data breach vulnerability, whether the data at stake contains the personal information of the public’s or their own.
GDPR: Bringing New Awareness to Existing Risks
In light of the EU’s upcoming implementation of the massive General Data Protection Regulation (GDPR), government entities worldwide are reconsidering the ways they handle personal data. While hackers are a major concern, many experts agree that the biggest threat to federal data security is the negligent insider: employees with no malicious intent who may accidentally delete important files, fall victim to phishing attempts, or share more data than is consistent with security policies or legal requirements.
So what should government offices do to tackle the very real threat of data breach head-on? Here are 3 ways government offices can improve security.
1. Gain More Control Over Mobile Devices
The workforce has become increasingly mobile across all sectors, leading to more and more employees checking their work emails from unsecured personal mobile devices, thus putting sensitive data at risk. If you think that government agencies are an exception to that rule, you might want to remember what happened not so long ago with the Hillary Clinton email controversy.
While IT administrators may not be able to control the use of personal mobile devices during work hours, they can restrict email server access from unauthorized devices. Organizations that want to minimize cybersecurity risk may want to ditch email altogether when sending and receiving sensitive data, opting instead for a secure file exchange software. Data transfers that take place via XM SendSecure for example, are reinforced with robust security features like double encryption and two-factor authentication. What’s more is that both SendSecure and its mobile app integrate seamlessly with major email platforms, allowing users to work from the platforms they’re most comfortable with while on-the-go.
2. Train Federal Employees on Security Best Practices
The importance of security training can’t be understated, whether it’s a simple message sent out to government workers (even high-level officials) reminding them to avoid clicking on suspicious emails or requiring IT workers to patch systems as soon as updates are available.
It’s the IT department’s responsibility to know what’s at stake when weak security policies are in place, not the end-user’s. Making security tips easy-to-understand and follow may be challenging, but it’s vital.
3. Implement a Bug Bounty Program
While government officials report struggling to find qualified security professionals for hire, there’s a large community of independent security researchers in the US who could help find vulnerabilities in government systems. Companies in Silicon Valley have been implementing bug bounties for years, allowing software developers to discover bugs in the system well before they can do widespread damage. When government agencies adopt bug bounty programs, it gives “white-hat” hackers the chance to not only receive recognition and compensation, but to do something good that protects individuals.
Successful security initiatives like Hack the Pentagon are strong examples of bringing in outside sources to identify IT infrastructure weaknesses in a controlled environment, yet not every government agency at state or local levels have access to the world’s best hackers. It can still be helpful however, to invite researchers or consultants who are within reach to check for vulnerabilities and can help determine where you might be open to cyber attacks or other risks that could result in a data breach.
Discover solutions that could simplify and strengthen your data security strategy with minimal downtime and user training. Speak with an expert today.